{"type":"bundle","id":"bundle--211bacb1-ac44-5439-a8cc-dd943fb0eea0","objects":[{"type":"identity","spec_version":"2.1","id":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","created":"2020-12-08T00:00:00.000Z","modified":"2020-12-08T00:00:00.000Z","name":"TweetFeed","description":"Community-sourced Threat Intelligence feed aggregating IOCs (URLs, domains, IPs, hashes) from infosec researchers on Twitter/X. Refreshed every 15 minutes.","identity_class":"organization","contact_information":"https://tweetfeed.live"},{"type":"indicator","spec_version":"2.1","id":"indicator--f17f99e1-d87e-5a70-9a33-73895718dcf5","created":"2026-04-14T02:00:39.000Z","modified":"2026-04-14T02:00:39.000Z","valid_from":"2026-04-14T02:00:39.000Z","name":"hxodtik.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hxodtik.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2043872028323918025"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c69ce9a5-3466-54e7-b0dc-aaf3f987ce2a","created":"2026-04-14T02:00:39.000Z","modified":"2026-04-14T02:00:39.000Z","valid_from":"2026-04-14T02:00:39.000Z","name":"https://hxodtik.cn/klp/w2/das=sonys/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hxodtik.cn/klp/w2/das=sonys/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2043872028323918025"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68050a8f-0d9b-5958-b9a1-30cb51bd1b6d","created":"2026-04-14T03:19:34.000Z","modified":"2026-04-14T03:19:34.000Z","valid_from":"2026-04-14T03:19:34.000Z","name":"http://204.12.236.177:9628","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://204.12.236.177:9628']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2043891889842291024"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70b80f24-8da4-5905-afd1-c8f1d541050a","created":"2026-04-14T03:19:34.000Z","modified":"2026-04-14T03:19:34.000Z","valid_from":"2026-04-14T03:19:34.000Z","name":"204.12.236.177","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '204.12.236.177']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2043891889842291024"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f437258-5c2f-5946-9680-9b7ca4d5faac","created":"2026-04-14T03:19:34.000Z","modified":"2026-04-14T03:19:34.000Z","valid_from":"2026-04-14T03:19:34.000Z","name":"cf0d1817051b09ecae910069ba5cd089","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'cf0d1817051b09ecae910069ba5cd089']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2043891889842291024"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91b1f26c-2895-5094-9d98-5c5f3a48ea08","created":"2026-04-14T04:24:15.000Z","modified":"2026-04-14T04:24:15.000Z","valid_from":"2026-04-14T04:24:15.000Z","name":"168.222.254.80","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '168.222.254.80']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2043908165230833895"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--65f9aee4-810e-5cf3-b394-d8e369af81c3","created":"2026-04-14T04:26:30.000Z","modified":"2026-04-14T04:26:30.000Z","valid_from":"2026-04-14T04:26:30.000Z","name":"47.113.114.47","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.113.114.47']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2043908730937586167"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5dfa6ac9-b2f5-5850-a4ef-541843b53ba1","created":"2026-04-14T05:16:10.000Z","modified":"2026-04-14T05:16:10.000Z","valid_from":"2026-04-14T05:16:10.000Z","name":"http://18.204.202.200","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://18.204.202.200']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043921232337195382"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ccb36c7-351a-51ce-be08-da1234d4da12","created":"2026-04-14T05:16:10.000Z","modified":"2026-04-14T05:16:10.000Z","valid_from":"2026-04-14T05:16:10.000Z","name":"18.204.202.200","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '18.204.202.200']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043921232337195382"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--08a8ddc6-cd59-5d75-a67d-8189136a6785","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"tepcnet.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tepcnet.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--72f08854-0c46-5b19-a743-e947c9025f50","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"https://tepcnet.com/ja","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tepcnet.com/ja']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--495d83e7-26ae-525b-99b2-8309f84b21de","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"tepcndxt.fyi","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tepcndxt.fyi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f639c1be-7bdf-5930-ad15-6cf45cb08bb2","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"https://tepcndxt.fyi/ja","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tepcndxt.fyi/ja']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb0bc7a6-1a9a-5e8a-8193-c7beb983cd2b","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"tepcnam.co","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tepcnam.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bdc6604-437e-52ee-8cd0-46e34f578e16","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"https://tepcnam.co/ja","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tepcnam.co/ja']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--674127bc-a372-5b1f-9813-31198d8ec6cf","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"tepcok.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tepcok.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--db53ea4c-8205-515e-b7c3-3cd3077b0c7a","created":"2026-04-14T06:09:30.000Z","modified":"2026-04-14T06:09:30.000Z","valid_from":"2026-04-14T06:09:30.000Z","name":"https://tepcok.com/ja","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tepcok.com/ja']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934654135152696"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9297334-6fc4-579e-84a8-88a9768b7719","created":"2026-04-14T06:10:28.000Z","modified":"2026-04-14T06:10:28.000Z","valid_from":"2026-04-14T06:10:28.000Z","name":"japan-japanpost-jp.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'japan-japanpost-jp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934896674967867"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--de872ac5-07b8-59dd-816c-080656b74d76","created":"2026-04-14T06:10:28.000Z","modified":"2026-04-14T06:10:28.000Z","valid_from":"2026-04-14T06:10:28.000Z","name":"https://japan-japanpost-jp.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://japan-japanpost-jp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934896674967867"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--84bbf763-3122-5ff5-a426-a2b8f0a392f6","created":"2026-04-14T06:10:28.000Z","modified":"2026-04-14T06:10:28.000Z","valid_from":"2026-04-14T06:10:28.000Z","name":"postjapan-post.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'postjapan-post.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934896674967867"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5154353-2655-5f5b-90f2-fb7ccc804e2f","created":"2026-04-14T06:10:28.000Z","modified":"2026-04-14T06:10:28.000Z","valid_from":"2026-04-14T06:10:28.000Z","name":"https://postjapan-post.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://postjapan-post.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934896674967867"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--140a4e8d-ca6f-5ba0-ab3a-6a72a0fd6a98","created":"2026-04-14T06:10:28.000Z","modified":"2026-04-14T06:10:28.000Z","valid_from":"2026-04-14T06:10:28.000Z","name":"jp-postjp-japan.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jp-postjp-japan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934896674967867"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0993a164-4993-5f93-bf8a-b68646b901f8","created":"2026-04-14T06:10:28.000Z","modified":"2026-04-14T06:10:28.000Z","valid_from":"2026-04-14T06:10:28.000Z","name":"https://jp-postjp-japan.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jp-postjp-japan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934896674967867"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2bfd70e-9006-5ba5-b209-28c0e6dae6ed","created":"2026-04-14T06:10:40.000Z","modified":"2026-04-14T06:10:40.000Z","valid_from":"2026-04-14T06:10:40.000Z","name":"jp.linesafe.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jp.linesafe.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934947480654251"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--75266d7b-8098-5f85-8bf7-b2e75d265d50","created":"2026-04-14T06:10:40.000Z","modified":"2026-04-14T06:10:40.000Z","valid_from":"2026-04-14T06:10:40.000Z","name":"https://jp.linesafe.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jp.linesafe.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043934947480654251"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d291773d-1fdd-5adb-b4dc-bb7e0fd82c54","created":"2026-04-14T06:11:42.000Z","modified":"2026-04-14T06:11:42.000Z","valid_from":"2026-04-14T06:11:42.000Z","name":"nptpjz.cn","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nptpjz.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043935207850430637"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--76742ea3-3c0f-5ac2-89f8-46b78fe523c0","created":"2026-04-14T06:11:42.000Z","modified":"2026-04-14T06:11:42.000Z","valid_from":"2026-04-14T06:11:42.000Z","name":"https://nptpjz.cn","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nptpjz.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043935207850430637"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5459eb18-d09b-548a-9b21-78c1bbded835","created":"2026-04-14T06:47:15.000Z","modified":"2026-04-14T06:47:15.000Z","valid_from":"2026-04-14T06:47:15.000Z","name":"a914a733cc38deff57ebd8f2f439e35d","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'a914a733cc38deff57ebd8f2f439e35d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2043944154250784858"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--489f4bec-f413-502a-bff1-a6e9504cd665","created":"2026-04-14T06:50:53.000Z","modified":"2026-04-14T06:50:53.000Z","valid_from":"2026-04-14T06:50:53.000Z","name":"fc37d1e1e4301e466bdf21c2c8107d61","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'fc37d1e1e4301e466bdf21c2c8107d61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2043945066486727126"}],"labels":["AmosStealer","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd829b19-397d-5585-9a6e-cdfd9a83be67","created":"2026-04-14T07:03:55.000Z","modified":"2026-04-14T07:03:55.000Z","valid_from":"2026-04-14T07:03:55.000Z","name":"zfjzhg.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zfjzhg.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043948347493613862"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--11049ab3-1379-5ed1-b40d-1e0b77cea3f4","created":"2026-04-14T07:03:55.000Z","modified":"2026-04-14T07:03:55.000Z","valid_from":"2026-04-14T07:03:55.000Z","name":"https://zfjzhg.cn/w2/f2/weq=guoshuis/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zfjzhg.cn/w2/f2/weq=guoshuis/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043948347493613862"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9dda86ef-388e-514d-a809-e03281df0426","created":"2026-04-14T07:03:55.000Z","modified":"2026-04-14T07:03:55.000Z","valid_from":"2026-04-14T07:03:55.000Z","name":"http://165.154.241.56","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://165.154.241.56']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043948347493613862"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d5157a8-e8ed-539a-9013-b47275fe61cc","created":"2026-04-14T07:03:55.000Z","modified":"2026-04-14T07:03:55.000Z","valid_from":"2026-04-14T07:03:55.000Z","name":"165.154.241.56","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.154.241.56']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043948347493613862"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1bd9b18f-e068-5c74-9119-e7526b6a2795","created":"2026-04-14T07:06:02.000Z","modified":"2026-04-14T07:06:02.000Z","valid_from":"2026-04-14T07:06:02.000Z","name":"d993dfac5e0f31b06b6c44c4737fa78d642d25f82c8a5d49af8c3beadcf5804d","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd993dfac5e0f31b06b6c44c4737fa78d642d25f82c8a5d49af8c3beadcf5804d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043948878907449754"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cd88bb2-dc55-5bf1-8826-7c37c3f666ec","created":"2026-04-14T07:17:16.000Z","modified":"2026-04-14T07:17:16.000Z","valid_from":"2026-04-14T07:17:16.000Z","name":"htnxvfw.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'htnxvfw.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043951707785511062"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--16d0d820-c031-513b-bff3-768fbe0e6801","created":"2026-04-14T07:17:16.000Z","modified":"2026-04-14T07:17:16.000Z","valid_from":"2026-04-14T07:17:16.000Z","name":"https://htnxvfw.cn/g1/g/2ds=docomos/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://htnxvfw.cn/g1/g/2ds=docomos/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043951707785511062"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc712ba8-9768-5743-b0cd-a9071b3da88d","created":"2026-04-14T07:31:29.000Z","modified":"2026-04-14T07:31:29.000Z","valid_from":"2026-04-14T07:31:29.000Z","name":"apple.securefix.cfd","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'apple.securefix.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043955285820322121"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--69cdd904-eabf-5a27-88e7-64b4f2f482c3","created":"2026-04-14T07:31:29.000Z","modified":"2026-04-14T07:31:29.000Z","valid_from":"2026-04-14T07:31:29.000Z","name":"https://apple.securefix.cfd/login","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://apple.securefix.cfd/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043955285820322121"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9632861d-1801-5d81-a29b-30a42d901220","created":"2026-04-14T07:31:29.000Z","modified":"2026-04-14T07:31:29.000Z","valid_from":"2026-04-14T07:31:29.000Z","name":"http://104.21.92.62","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.92.62']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043955285820322121"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a61aebc4-894b-5f04-ab31-1083bbd409dc","created":"2026-04-14T07:31:29.000Z","modified":"2026-04-14T07:31:29.000Z","valid_from":"2026-04-14T07:31:29.000Z","name":"http://172.67.187.23","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.187.23']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2043955285820322121"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f035c6f5-250e-5079-b7e4-836abdb54c69","created":"2026-04-14T07:40:09.000Z","modified":"2026-04-14T07:40:09.000Z","valid_from":"2026-04-14T07:40:09.000Z","name":"awuedu.org","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'awuedu.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2043957466178748556"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16cf41aa-4748-5b80-b25c-c9f9f744b494","created":"2026-04-14T07:40:09.000Z","modified":"2026-04-14T07:40:09.000Z","valid_from":"2026-04-14T07:40:09.000Z","name":"https://awuedu.org/mu2.html","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://awuedu.org/mu2.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2043957466178748556"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6dd7716-ffbf-5e30-bece-158224774eb2","created":"2026-04-14T07:46:47.000Z","modified":"2026-04-14T07:46:47.000Z","valid_from":"2026-04-14T07:46:47.000Z","name":"https://github.com/demarcusnofatherington420-a11y/","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/demarcusnofatherington420-a11y/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2043959133796262037"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--38a564c9-1f3e-59a1-90d1-571079823e3c","created":"2026-04-14T08:11:29.000Z","modified":"2026-04-14T08:11:29.000Z","valid_from":"2026-04-14T08:11:29.000Z","name":"fromagerie-rolle.ch","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fromagerie-rolle.ch']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2043965351340212278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b088c39-367e-5b62-b7da-ced75ecbb41b","created":"2026-04-14T08:11:29.000Z","modified":"2026-04-14T08:11:29.000Z","valid_from":"2026-04-14T08:11:29.000Z","name":"https://www.fromagerie-rolle.ch/shop/x4pppolu/err6t9f5dg/ds3x20wr/:right_arrow_curving_down","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.fromagerie-rolle.ch/shop/x4pppolu/err6t9f5dg/ds3x20wr/:right_arrow_curving_down']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2043965351340212278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e83698c9-051d-5321-8078-7dc2c649a48b","created":"2026-04-14T08:11:29.000Z","modified":"2026-04-14T08:11:29.000Z","valid_from":"2026-04-14T08:11:29.000Z","name":"ead-id-net-lod-it-ord-id-it.com","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ead-id-net-lod-it-ord-id-it.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2043965351340212278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--109786e2-3855-508f-9f59-bc871e16732d","created":"2026-04-14T08:11:29.000Z","modified":"2026-04-14T08:11:29.000Z","valid_from":"2026-04-14T08:11:29.000Z","name":"https://ead-id-net-lod-it-ord-id-it.com/ITdoaler/tcelesIT/sipaIT-net/app/log","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ead-id-net-lod-it-ord-id-it.com/ITdoaler/tcelesIT/sipaIT-net/app/log']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2043965351340212278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--23c23d6f-ce3f-5221-83e1-6a04e0878eb7","created":"2026-04-14T08:49:33.000Z","modified":"2026-04-14T08:49:33.000Z","valid_from":"2026-04-14T08:49:33.000Z","name":"dpaper.dothome.co.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dpaper.dothome.co.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043974932422369592"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b6fbd71-9fed-5de4-8c55-bb6fb995840a","created":"2026-04-14T08:49:33.000Z","modified":"2026-04-14T08:49:33.000Z","valid_from":"2026-04-14T08:49:33.000Z","name":"https://dpaper.dothome.co.kr/gc/index.php","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dpaper.dothome.co.kr/gc/index.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043974932422369592"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfcdd179-e117-58ac-95de-4e0a7b10542b","created":"2026-04-14T08:49:33.000Z","modified":"2026-04-14T08:49:33.000Z","valid_from":"2026-04-14T08:49:33.000Z","name":"85b7b6c02fb7bf8c6446f702640949c66bc8d7c98057b83ee04e542dfe9a56d6","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '85b7b6c02fb7bf8c6446f702640949c66bc8d7c98057b83ee04e542dfe9a56d6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043974932422369592"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--456f1528-581d-5095-a082-39c43306fc0a","created":"2026-04-14T08:53:22.000Z","modified":"2026-04-14T08:53:22.000Z","valid_from":"2026-04-14T08:53:22.000Z","name":"https://www.fromagerie-rolle.ch/shop/x4pppolu/err6t9f5dg/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.fromagerie-rolle.ch/shop/x4pppolu/err6t9f5dg/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043975890380431417"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--60cbb7a1-4105-56db-a3aa-2d3c49dd7006","created":"2026-04-14T09:17:25.000Z","modified":"2026-04-14T09:17:25.000Z","valid_from":"2026-04-14T09:17:25.000Z","name":"http://46.183.222.116/ZEnECactfUaYZq206.bin","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://46.183.222.116/ZEnECactfUaYZq206.bin']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2043981942555574398"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--68f81288-eefe-57e1-aceb-3242da91299a","created":"2026-04-14T09:17:25.000Z","modified":"2026-04-14T09:17:25.000Z","valid_from":"2026-04-14T09:17:25.000Z","name":"46.183.222.116","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '46.183.222.116']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2043981942555574398"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--24fa3b43-2d7d-5195-86de-67df01e8b91d","created":"2026-04-14T09:41:46.000Z","modified":"2026-04-14T09:41:46.000Z","valid_from":"2026-04-14T09:41:46.000Z","name":"antespirit.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'antespirit.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043988072803512709"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c720fe21-8a2b-52f7-9c36-326ea9b22d95","created":"2026-04-14T09:41:46.000Z","modified":"2026-04-14T09:41:46.000Z","valid_from":"2026-04-14T09:41:46.000Z","name":"http://antespirit.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://antespirit.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043988072803512709"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c35a7001-97c2-58b0-b8f8-25b34a6506ed","created":"2026-04-14T10:13:22.000Z","modified":"2026-04-14T10:13:22.000Z","valid_from":"2026-04-14T10:13:22.000Z","name":"nenkines-attachments.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nenkines-attachments.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043996024406978904"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8feec8e1-44fb-5f41-a926-9d09f3431152","created":"2026-04-14T10:13:22.000Z","modified":"2026-04-14T10:13:22.000Z","valid_from":"2026-04-14T10:13:22.000Z","name":"http://nenkines-attachments.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nenkines-attachments.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2043996024406978904"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--40fe9ea6-dfbc-58a2-aeef-83e9c17cf42e","created":"2026-04-14T10:34:18.000Z","modified":"2026-04-14T10:34:18.000Z","valid_from":"2026-04-14T10:34:18.000Z","name":"uanlktz.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uanlktz.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044001292364984696"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d428df70-3a4a-5811-a1d2-f5181aeaddf8","created":"2026-04-14T10:34:18.000Z","modified":"2026-04-14T10:34:18.000Z","valid_from":"2026-04-14T10:34:18.000Z","name":"https://uanlktz.cn/g1/g/2ds=docomos/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://uanlktz.cn/g1/g/2ds=docomos/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044001292364984696"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--062e88f1-f7ac-54ff-be44-fa1e904ee25f","created":"2026-04-14T10:42:47.000Z","modified":"2026-04-14T10:42:47.000Z","valid_from":"2026-04-14T10:42:47.000Z","name":"vazifalar.uz","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vazifalar.uz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044003429253538195"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf523ad4-e6d0-5a60-977d-b693409cb4d5","created":"2026-04-14T10:42:47.000Z","modified":"2026-04-14T10:42:47.000Z","valid_from":"2026-04-14T10:42:47.000Z","name":"http://vazifalar.uz","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vazifalar.uz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044003429253538195"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8aea89ea-691c-5b61-a8a8-842d17b5757a","created":"2026-04-14T10:58:35.000Z","modified":"2026-04-14T10:58:35.000Z","valid_from":"2026-04-14T10:58:35.000Z","name":"118.107.40.167","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '118.107.40.167']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044007402198970478"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5449fde2-f364-5250-a600-23bf130df1bd","created":"2026-04-14T11:02:45.000Z","modified":"2026-04-14T11:02:45.000Z","valid_from":"2026-04-14T11:02:45.000Z","name":"tmanei.cn-afang.com","description":"IOC reported by @lnlotu2 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tmanei.cn-afang.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/lnlotu2/status/2044008450250924411"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c337aede-ef07-5572-9b48-a33f68e877a8","created":"2026-04-14T11:02:45.000Z","modified":"2026-04-14T11:02:45.000Z","valid_from":"2026-04-14T11:02:45.000Z","name":"http://tmanei.cn-afang.com","description":"IOC reported by @lnlotu2 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tmanei.cn-afang.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/lnlotu2/status/2044008450250924411"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--878fc5cf-2580-592d-965b-bd67bc4b4a58","created":"2026-04-14T12:30:53.000Z","modified":"2026-04-14T12:30:53.000Z","valid_from":"2026-04-14T12:30:53.000Z","name":"ea6650ae6d0290307d6ea201fc850afe","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'ea6650ae6d0290307d6ea201fc850afe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2044030629684367478"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebb68380-08e8-5319-98b8-6d4329e17f26","created":"2026-04-14T14:29:20.000Z","modified":"2026-04-14T14:29:20.000Z","valid_from":"2026-04-14T14:29:20.000Z","name":"http://46.227.184.199:54469/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://46.227.184.199:54469/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044060441047916709"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d614f5e8-fe12-5ac5-a2fd-56dbf8ee9495","created":"2026-04-14T14:29:20.000Z","modified":"2026-04-14T14:29:20.000Z","valid_from":"2026-04-14T14:29:20.000Z","name":"46.227.184.199","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '46.227.184.199']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044060441047916709"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--75fc0908-3009-5aa6-a0ca-ec6061034b6e","created":"2026-04-14T14:44:58.000Z","modified":"2026-04-14T14:44:58.000Z","valid_from":"2026-04-14T14:44:58.000Z","name":"http://170.83.239.253","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://170.83.239.253']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044064376286536130"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fab813d-f0e2-5504-9e26-366a7332ed94","created":"2026-04-14T14:44:58.000Z","modified":"2026-04-14T14:44:58.000Z","valid_from":"2026-04-14T14:44:58.000Z","name":"170.83.239.253","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '170.83.239.253']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044064376286536130"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--12c555d9-eec8-5054-b829-226e8b30c13b","created":"2026-04-14T15:24:15.000Z","modified":"2026-04-14T15:24:15.000Z","valid_from":"2026-04-14T15:24:15.000Z","name":"mofa-gov-bd.mail-svr.co","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mofa-gov-bd.mail-svr.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044074261627674962"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e1db70c-1919-5f88-ad8c-b16a34094e59","created":"2026-04-14T15:24:15.000Z","modified":"2026-04-14T15:24:15.000Z","valid_from":"2026-04-14T15:24:15.000Z","name":"https://mofa-gov-bd.mail-svr.co/43359259/adobe-reader","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mofa-gov-bd.mail-svr.co/43359259/adobe-reader']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044074261627674962"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f8983d8-0d6e-5118-9c9b-e6e08b1dbcb2","created":"2026-04-14T18:00:28.000Z","modified":"2026-04-14T18:00:28.000Z","valid_from":"2026-04-14T18:00:28.000Z","name":"http://77.91.97.186/login.html","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://77.91.97.186/login.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2044113575317315757"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2f6c458-ad6b-5273-a391-e4548eb5e45d","created":"2026-04-14T18:00:28.000Z","modified":"2026-04-14T18:00:28.000Z","valid_from":"2026-04-14T18:00:28.000Z","name":"77.91.97.186","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.91.97.186']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2044113575317315757"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af18bcbb-9716-55c0-a850-97ae1756352b","created":"2026-04-14T18:01:04.000Z","modified":"2026-04-14T18:01:04.000Z","valid_from":"2026-04-14T18:01:04.000Z","name":"184.174.20.150","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '184.174.20.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044113723049087184"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d598fb9d-a161-5909-93f6-7d19eb75568a","created":"2026-04-14T18:06:51.000Z","modified":"2026-04-14T18:06:51.000Z","valid_from":"2026-04-14T18:06:51.000Z","name":"101.43.204.194","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '101.43.204.194']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044115180515184908"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--418027ed-1a25-5366-a511-905dcf9739d9","created":"2026-04-14T18:06:51.000Z","modified":"2026-04-14T18:06:51.000Z","valid_from":"2026-04-14T18:06:51.000Z","name":"b8053bcd04ce9d7d19c7f36830a9f26b","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'b8053bcd04ce9d7d19c7f36830a9f26b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044115180515184908"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c1c8677-8e1a-5b7c-ab8a-e2d5ab19fa61","created":"2026-04-14T18:06:51.000Z","modified":"2026-04-14T18:06:51.000Z","valid_from":"2026-04-14T18:06:51.000Z","name":"f4ea4e9b8017b5edd392b7416bd390af","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'f4ea4e9b8017b5edd392b7416bd390af']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044115180515184908"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31510a75-9f02-5e99-8dec-5123a36c7245","created":"2026-04-14T18:47:02.000Z","modified":"2026-04-14T18:47:02.000Z","valid_from":"2026-04-14T18:47:02.000Z","name":"udbetalingdanmarknyt.com","description":"IOC reported by @TeamDreier on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'udbetalingdanmarknyt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TeamDreier/status/2044125294445928558"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8346c5d6-1071-5474-902c-d26b1db92d89","created":"2026-04-14T18:47:02.000Z","modified":"2026-04-14T18:47:02.000Z","valid_from":"2026-04-14T18:47:02.000Z","name":"https://udbetalingdanmarknyt.com","description":"IOC reported by @TeamDreier on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://udbetalingdanmarknyt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TeamDreier/status/2044125294445928558"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6db759d2-e4a0-5a97-b3c6-e05dfe46dc01","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"msi5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'msi5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53ecf95b-3776-553d-873e-571fdbb3b2f3","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://msi5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://msi5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4961a1a3-49f4-5923-8586-b7e86a982704","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"nid.en.ntxcopesd.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.en.ntxcopesd.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3b1615f-36c6-5a49-9365-46fb4b113490","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://nid.en.ntxcopesd.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.en.ntxcopesd.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa6d0fcf-3db1-5edc-8bdd-cd9b4a07166f","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"iec28px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iec28px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0eeef22-b9dd-5d8c-b5ee-8a9bcd066695","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://iec28px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iec28px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b1495ad-36f9-54d9-9225-f75a46a8a2d1","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"n-store.iec28px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-store.iec28px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f7b720b-e926-5022-821e-e3335dd8c2e5","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://n-store.iec28px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-store.iec28px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--192a4daa-2a14-5858-be3d-d51b0b8e70d3","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"isc8px.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'isc8px.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--025ee06a-921f-5b28-a6cb-ed1f65b97d73","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://isc8px.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://isc8px.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d440e6cd-bfe5-5dd7-94cf-65e9a61a6883","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"nuser-login.isc8px.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nuser-login.isc8px.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40c9db4c-e5b8-5655-8dbf-1f20c0afdbed","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://nuser-login.isc8px.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nuser-login.isc8px.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ed67d54-eb17-5cd4-99b7-522f05d57875","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"isc24px.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'isc24px.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15708d07-c276-57ca-b847-0215ad66e8fb","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://isc24px.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://isc24px.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e37c910-3620-5d93-a762-8aae02d77f5b","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"iec12px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iec12px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4888b76f-e8a2-586e-893f-3f1100849363","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://iec12px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iec12px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5c298b2-651c-5802-ba9d-b392a0d7ac65","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"nid-user.iec12px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-user.iec12px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebb739bd-3165-5149-85cf-30ed56cc2ff5","created":"2026-04-14T19:12:30.000Z","modified":"2026-04-14T19:12:30.000Z","valid_from":"2026-04-14T19:12:30.000Z","name":"http://nid-user.iec12px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-user.iec12px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044131700951625923"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc7acbb0-eda3-5455-8e69-d16b15fcc6c5","created":"2026-04-14T19:26:37.000Z","modified":"2026-04-14T19:26:37.000Z","valid_from":"2026-04-14T19:26:37.000Z","name":"legitserver.theworkpc.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'legitserver.theworkpc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044135255955710208"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--91bfa759-b441-5bb1-bf42-7068c1c373c4","created":"2026-04-14T19:26:37.000Z","modified":"2026-04-14T19:26:37.000Z","valid_from":"2026-04-14T19:26:37.000Z","name":"http://legitserver.theworkpc.com:5443/OneDriveServer.zip","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://legitserver.theworkpc.com:5443/OneDriveServer.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044135255955710208"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4cbbd51c-4c62-585e-8916-49b6015d262c","created":"2026-04-14T19:26:37.000Z","modified":"2026-04-14T19:26:37.000Z","valid_from":"2026-04-14T19:26:37.000Z","name":"http://45.138.16.64","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.138.16.64']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044135255955710208"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--099f3af6-a81d-50a2-9190-ddc12c09963b","created":"2026-04-14T19:26:37.000Z","modified":"2026-04-14T19:26:37.000Z","valid_from":"2026-04-14T19:26:37.000Z","name":"45.138.16.64","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.138.16.64']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044135255955710208"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8966a357-db08-51bf-b76b-779eedbd9e3b","created":"2026-04-14T19:27:24.000Z","modified":"2026-04-14T19:27:24.000Z","valid_from":"2026-04-14T19:27:24.000Z","name":"lamotte.serv807539.pro","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lamotte.serv807539.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044135451104075924"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45149abc-f3f1-568d-939e-39c3057ece83","created":"2026-04-14T19:27:24.000Z","modified":"2026-04-14T19:27:24.000Z","valid_from":"2026-04-14T19:27:24.000Z","name":"https://lamotte.serv807539.pro","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lamotte.serv807539.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044135451104075924"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8f0aed4-3b9d-52e5-85a1-661a4fbc7e6b","created":"2026-04-14T19:31:53.000Z","modified":"2026-04-14T19:31:53.000Z","valid_from":"2026-04-14T19:31:53.000Z","name":"94.232.41.96","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.232.41.96']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044136581414453657"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9093b49-306e-5ec1-8dd7-8c2dc25c2b9f","created":"2026-04-14T19:41:57.000Z","modified":"2026-04-14T19:41:57.000Z","valid_from":"2026-04-14T19:41:57.000Z","name":"81.163.111.127","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '81.163.111.127']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2044139113830351011"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffd71f87-def8-5faf-9b1d-fe3216c6e600","created":"2026-04-14T19:41:57.000Z","modified":"2026-04-14T19:41:57.000Z","valid_from":"2026-04-14T19:41:57.000Z","name":"91.242.179.62","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.242.179.62']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2044139113830351011"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a1f087f-0d81-5796-adb4-e9e03117cd88","created":"2026-04-14T19:41:57.000Z","modified":"2026-04-14T19:41:57.000Z","valid_from":"2026-04-14T19:41:57.000Z","name":"91.242.179.84","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.242.179.84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2044139113830351011"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8175aa1-fbb7-506e-b628-2ae19cc77e26","created":"2026-04-14T20:50:51.000Z","modified":"2026-04-14T20:50:51.000Z","valid_from":"2026-04-14T20:50:51.000Z","name":"billing-worker-operational.revenuecatalyst.net","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'billing-worker-operational.revenuecatalyst.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2044156453863264440"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44facfd9-0cf3-5cdd-9f8f-cc9f0cc63269","created":"2026-04-14T20:50:51.000Z","modified":"2026-04-14T20:50:51.000Z","valid_from":"2026-04-14T20:50:51.000Z","name":"http://billing-worker-operational.revenuecatalyst.net/982f0c18ff604b20998f8145d2f7b6be/?9dxcLx=BXrkgP","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://billing-worker-operational.revenuecatalyst.net/982f0c18ff604b20998f8145d2f7b6be/?9dxcLx=BXrkgP']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2044156453863264440"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29165498-66b4-5f0b-89d0-127515c97519","created":"2026-04-14T20:50:51.000Z","modified":"2026-04-14T20:50:51.000Z","valid_from":"2026-04-14T20:50:51.000Z","name":"revenuecatalyst.net","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'revenuecatalyst.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2044156453863264440"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5590ae9e-da44-5e26-9e3d-726974e38d60","created":"2026-04-14T20:50:51.000Z","modified":"2026-04-14T20:50:51.000Z","valid_from":"2026-04-14T20:50:51.000Z","name":"http://revenuecatalyst.net","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://revenuecatalyst.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2044156453863264440"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--479c914d-05c2-5515-a1fa-f694f097364b","created":"2026-04-14T21:00:59.000Z","modified":"2026-04-14T21:00:59.000Z","valid_from":"2026-04-14T21:00:59.000Z","name":"118.193.68.242","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '118.193.68.242']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044159001638608945"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ca6ac42-8ecd-51b6-89fd-9d26e37def48","created":"2026-04-14T21:02:45.000Z","modified":"2026-04-14T21:02:45.000Z","valid_from":"2026-04-14T21:02:45.000Z","name":"http://billing-worker-operational.revenuecatalyst.net/982f0c18ff604b209","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://billing-worker-operational.revenuecatalyst.net/982f0c18ff604b209']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044159448382362006"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8feb6690-0211-5842-a8a4-00d72ce27a8e","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"nvoaagent.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nvoaagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--81ac3e11-431d-57c6-ab2b-305efb511b3f","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"http://nvoaagent.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nvoaagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--775263a0-214e-51e5-83ca-121caf82488e","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"vastbets.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vastbets.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--103ca7f5-da27-52b5-a49e-327fbba4b890","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"http://vastbets.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vastbets.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b31b8e8d-0013-5b54-a14c-343bae2b09f3","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"upscaleaquatics.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'upscaleaquatics.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4474009-1f43-598c-9697-af68e6b09495","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"http://upscaleaquatics.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://upscaleaquatics.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b8de672-42fa-51cf-9b6d-47b6346a21b1","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"mrakagent.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mrakagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f409b3d8-3872-5270-bbba-fb0a24644392","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"http://mrakagent.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mrakagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6e50e18-a528-5fc9-b732-083a5761da95","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"daarnagroup.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'daarnagroup.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4398f67e-c8ba-5d6c-a85e-e86de571385e","created":"2026-04-14T21:30:55.000Z","modified":"2026-04-14T21:30:55.000Z","valid_from":"2026-04-14T21:30:55.000Z","name":"http://daarnagroup.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://daarnagroup.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044166534185070783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f44950c-212b-549b-b4af-65e9801fb1df","created":"2026-04-14T21:36:48.000Z","modified":"2026-04-14T21:36:48.000Z","valid_from":"2026-04-14T21:36:48.000Z","name":"http://16.171.9.97","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://16.171.9.97']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044168017689346291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--43cfef88-3aa5-5ec7-994b-17e618d58d9b","created":"2026-04-14T21:36:48.000Z","modified":"2026-04-14T21:36:48.000Z","valid_from":"2026-04-14T21:36:48.000Z","name":"16.171.9.97","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '16.171.9.97']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044168017689346291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b4a3f48-ad5b-5eda-8389-660b591b7162","created":"2026-04-15T02:56:10.000Z","modified":"2026-04-15T02:56:10.000Z","valid_from":"2026-04-15T02:56:10.000Z","name":"eryvkxm.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eryvkxm.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044248387848155400"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf4adf53-49f5-593a-9fa1-e4f44721afde","created":"2026-04-15T02:56:10.000Z","modified":"2026-04-15T02:56:10.000Z","valid_from":"2026-04-15T02:56:10.000Z","name":"https://eryvkxm.cn/dvgrpkyx/dasdh231/das23w=familymarts/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://eryvkxm.cn/dvgrpkyx/dasdh231/das23w=familymarts/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044248387848155400"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8f0aed4-3b9d-52e5-85a1-661a4fbc7e6b","created":"2026-04-15T04:14:58.000Z","modified":"2026-04-15T04:14:58.000Z","valid_from":"2026-04-15T04:14:58.000Z","name":"94.232.41.96","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.232.41.96']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2044268217313701989"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--31a9be5f-b262-5fea-a9bc-321bc8d7e993","created":"2026-04-15T05:20:20.000Z","modified":"2026-04-15T05:20:20.000Z","valid_from":"2026-04-15T05:20:20.000Z","name":"https://t.co/Aq","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.co/Aq']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044284667264749661"}],"labels":["AsyncRAT","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9093b49-306e-5ec1-8dd7-8c2dc25c2b9f","created":"2026-04-15T05:20:20.000Z","modified":"2026-04-15T05:20:20.000Z","valid_from":"2026-04-15T05:20:20.000Z","name":"81.163.111.127","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '81.163.111.127']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044284667264749661"}],"labels":["AsyncRAT","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a1f087f-0d81-5796-adb4-e9e03117cd88","created":"2026-04-15T05:20:20.000Z","modified":"2026-04-15T05:20:20.000Z","valid_from":"2026-04-15T05:20:20.000Z","name":"91.242.179.84","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.242.179.84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044284667264749661"}],"labels":["AsyncRAT","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffd71f87-def8-5faf-9b1d-fe3216c6e600","created":"2026-04-15T05:20:20.000Z","modified":"2026-04-15T05:20:20.000Z","valid_from":"2026-04-15T05:20:20.000Z","name":"91.242.179.62","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.242.179.62']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044284667264749661"}],"labels":["AsyncRAT","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fc2899c-49de-5b96-aa78-4898df267799","created":"2026-04-15T05:20:20.000Z","modified":"2026-04-15T05:20:20.000Z","valid_from":"2026-04-15T05:20:20.000Z","name":"81.163.111.1","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '81.163.111.1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044284667264749661"}],"labels":["AsyncRAT","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae9a6185-eaeb-5f13-be32-eb8e87472222","created":"2026-04-15T05:55:41.000Z","modified":"2026-04-15T05:55:41.000Z","valid_from":"2026-04-15T05:55:41.000Z","name":"http://t.me/curse_sbot","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t.me/curse_sbot']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2044293562721075686"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90c92296-b288-5a20-b91e-6fa100716f42","created":"2026-04-15T05:55:41.000Z","modified":"2026-04-15T05:55:41.000Z","valid_from":"2026-04-15T05:55:41.000Z","name":"https://t.me/+YWSpxxTVJOQ0MWFl","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.me/+YWSpxxTVJOQ0MWFl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2044293562721075686"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--467de8f4-17de-56d5-b613-2d8fd6dcd16a","created":"2026-04-15T05:55:41.000Z","modified":"2026-04-15T05:55:41.000Z","valid_from":"2026-04-15T05:55:41.000Z","name":"188.214.144.18","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '188.214.144.18']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2044293562721075686"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5afb9dea-76eb-503b-96c8-a445b409e3e3","created":"2026-04-15T06:02:21.000Z","modified":"2026-04-15T06:02:21.000Z","valid_from":"2026-04-15T06:02:21.000Z","name":"130.12.180.28","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '130.12.180.28']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2044295240425844975"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f8146dc-1d20-5938-959c-297e57dc96ca","created":"2026-04-15T06:12:24.000Z","modified":"2026-04-15T06:12:24.000Z","valid_from":"2026-04-15T06:12:24.000Z","name":"141.147.45.169","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '141.147.45.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2044297770341937339"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63b1949b-f79f-545e-9282-aed1219ae80c","created":"2026-04-15T06:42:50.000Z","modified":"2026-04-15T06:42:50.000Z","valid_from":"2026-04-15T06:42:50.000Z","name":"b03dc9aa68cf813f52396203aad03b0b","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'b03dc9aa68cf813f52396203aad03b0b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2044305430277697957"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c929dbb-380d-5eaa-aa54-14a4b7ac9904","created":"2026-04-15T06:59:07.000Z","modified":"2026-04-15T06:59:07.000Z","valid_from":"2026-04-15T06:59:07.000Z","name":"5.188.86.165","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '5.188.86.165']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044309528376672366"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5749c137-00d1-5123-85a3-3714570b1042","created":"2026-04-15T06:59:07.000Z","modified":"2026-04-15T06:59:07.000Z","valid_from":"2026-04-15T06:59:07.000Z","name":"8f63bdeb4e53f6c5a21e15568e62a104","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8f63bdeb4e53f6c5a21e15568e62a104']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044309528376672366"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d80100e1-d47d-5f08-9475-987d8508c885","created":"2026-04-15T06:59:07.000Z","modified":"2026-04-15T06:59:07.000Z","valid_from":"2026-04-15T06:59:07.000Z","name":"8067d537cff0e044f648f92fadf14aad","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8067d537cff0e044f648f92fadf14aad']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044309528376672366"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9827c23f-5c3a-5b4b-a092-fbf28c1b3952","created":"2026-04-15T07:06:54.000Z","modified":"2026-04-15T07:06:54.000Z","valid_from":"2026-04-15T07:06:54.000Z","name":"3c0238268ea94638cfe76969ae27e410","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '3c0238268ea94638cfe76969ae27e410']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2044311487007912063"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78877c22-47b3-5ecb-92f2-c281a5a2f008","created":"2026-04-15T07:29:40.000Z","modified":"2026-04-15T07:29:40.000Z","valid_from":"2026-04-15T07:29:40.000Z","name":"internetnewsfeed.com","description":"IOC reported by @Malwar3Ninja on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'internetnewsfeed.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwar3Ninja/status/2044317215944495383"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3961f324-0cae-5f6c-bfdd-9c54e0130a0f","created":"2026-04-15T07:29:40.000Z","modified":"2026-04-15T07:29:40.000Z","valid_from":"2026-04-15T07:29:40.000Z","name":"http://internetnewsfeed.com","description":"IOC reported by @Malwar3Ninja on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://internetnewsfeed.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwar3Ninja/status/2044317215944495383"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b50b98c3-ecd0-5d5a-a21a-282630b3d1f4","created":"2026-04-15T07:32:09.000Z","modified":"2026-04-15T07:32:09.000Z","valid_from":"2026-04-15T07:32:09.000Z","name":"bitpayment.cc","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bitpayment.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2044317842162528276"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d467ec0-6668-5958-bd7b-a03a31d45a4e","created":"2026-04-15T07:32:09.000Z","modified":"2026-04-15T07:32:09.000Z","valid_from":"2026-04-15T07:32:09.000Z","name":"https://bitpayment.cc","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bitpayment.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2044317842162528276"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab1c04ae-26b9-55aa-a0e2-f900f5f6661a","created":"2026-04-15T07:32:42.000Z","modified":"2026-04-15T07:32:42.000Z","valid_from":"2026-04-15T07:32:42.000Z","name":"mwork801.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mwork801.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044317977357492386"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--71e76527-a3fa-51f1-a6f1-170a974f5a27","created":"2026-04-15T07:32:42.000Z","modified":"2026-04-15T07:32:42.000Z","valid_from":"2026-04-15T07:32:42.000Z","name":"http://mwork801.com/gmail-login","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mwork801.com/gmail-login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044317977357492386"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d99f880-95cf-5b29-821f-df93b5ebdd75","created":"2026-04-15T07:32:42.000Z","modified":"2026-04-15T07:32:42.000Z","valid_from":"2026-04-15T07:32:42.000Z","name":"imtiyazholding.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imtiyazholding.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044317977357492386"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f3871e9-fe76-5dd8-91e5-35ad3c87c69d","created":"2026-04-15T07:32:42.000Z","modified":"2026-04-15T07:32:42.000Z","valid_from":"2026-04-15T07:32:42.000Z","name":"http://imtiyazholding.com/secured/gmail","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imtiyazholding.com/secured/gmail']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044317977357492386"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--95f5fa69-a3bd-5396-9883-414f93fb7076","created":"2026-04-15T07:36:53.000Z","modified":"2026-04-15T07:36:53.000Z","valid_from":"2026-04-15T07:36:53.000Z","name":"1sea.nikens.at","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '1sea.nikens.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044319030211747923"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e446c59-69a2-52ad-9875-6be14cefc065","created":"2026-04-15T07:36:53.000Z","modified":"2026-04-15T07:36:53.000Z","valid_from":"2026-04-15T07:36:53.000Z","name":"https://1sea.nikens.at/payouts/account/exchange-form","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://1sea.nikens.at/payouts/account/exchange-form']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044319030211747923"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--459f1f3d-9440-56be-acb6-ada9f4ab200f","created":"2026-04-15T07:37:59.000Z","modified":"2026-04-15T07:37:59.000Z","valid_from":"2026-04-15T07:37:59.000Z","name":"check.nid-log.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'check.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044319307975290960"}],"labels":["APT","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fcdcb03-cb50-5195-9e22-c831254b8ac2","created":"2026-04-15T07:37:59.000Z","modified":"2026-04-15T07:37:59.000Z","valid_from":"2026-04-15T07:37:59.000Z","name":"http://check.nid-log.com/pc/bootservice.php?tag=719&query=1","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://check.nid-log.com/pc/bootservice.php?tag=719&query=1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044319307975290960"}],"labels":["APT","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ea473fc-8bc1-58fc-a031-4168c281348f","created":"2026-04-15T07:37:59.000Z","modified":"2026-04-15T07:37:59.000Z","valid_from":"2026-04-15T07:37:59.000Z","name":"http://130.94.29.111","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://130.94.29.111']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044319307975290960"}],"labels":["APT","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cab7858-7c16-5671-901d-976f6737eb7e","created":"2026-04-15T07:37:59.000Z","modified":"2026-04-15T07:37:59.000Z","valid_from":"2026-04-15T07:37:59.000Z","name":"130.94.29.111","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '130.94.29.111']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044319307975290960"}],"labels":["APT","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7b5e3d8-4521-5061-a002-2701f07643fb","created":"2026-04-15T08:06:00.000Z","modified":"2026-04-15T08:06:00.000Z","valid_from":"2026-04-15T08:06:00.000Z","name":"login.6v8hsntc.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.6v8hsntc.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044326359032574122"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac65a355-d2c0-5fe1-81a8-4b6d2492cb0f","created":"2026-04-15T08:06:00.000Z","modified":"2026-04-15T08:06:00.000Z","valid_from":"2026-04-15T08:06:00.000Z","name":"https://login.6v8hsntc.shop/login","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.6v8hsntc.shop/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044326359032574122"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b779731-729f-5757-99e7-bb3fb44a6bfa","created":"2026-04-15T08:16:53.000Z","modified":"2026-04-15T08:16:53.000Z","valid_from":"2026-04-15T08:16:53.000Z","name":"chitinozoan.cfd","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chitinozoan.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044329100421280241"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9405dbe-f845-5bd9-b0b0-2593b24716e4","created":"2026-04-15T08:16:53.000Z","modified":"2026-04-15T08:16:53.000Z","valid_from":"2026-04-15T08:16:53.000Z","name":"https://www.chitinozoan.cfd/ufBuSO","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.chitinozoan.cfd/ufBuSO']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044329100421280241"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a863888a-f5e0-5c91-bcf4-277503689424","created":"2026-04-15T08:16:53.000Z","modified":"2026-04-15T08:16:53.000Z","valid_from":"2026-04-15T08:16:53.000Z","name":"http://104.21.70.6","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.70.6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044329100421280241"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1265a97-0a60-5859-a3e0-a63fe372de6d","created":"2026-04-15T08:16:53.000Z","modified":"2026-04-15T08:16:53.000Z","valid_from":"2026-04-15T08:16:53.000Z","name":"http://172.67.217.69","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.217.69']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044329100421280241"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa7d5746-83d4-5780-9a24-63b450a3ae0b","created":"2026-04-15T08:36:33.000Z","modified":"2026-04-15T08:36:33.000Z","valid_from":"2026-04-15T08:36:33.000Z","name":"wvnbufxi.tjsadf.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wvnbufxi.tjsadf.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044334049515430373"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c92c4936-761e-5f8a-af85-0cc39faf5afa","created":"2026-04-15T08:36:33.000Z","modified":"2026-04-15T08:36:33.000Z","valid_from":"2026-04-15T08:36:33.000Z","name":"https://wvnbufxi.tjsadf.cn/firste/deafaudex/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wvnbufxi.tjsadf.cn/firste/deafaudex/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044334049515430373"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9a9e504-a5a2-50ee-8b04-8e1d58054c47","created":"2026-04-15T08:36:33.000Z","modified":"2026-04-15T08:36:33.000Z","valid_from":"2026-04-15T08:36:33.000Z","name":"http://43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044334049515430373"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a778ed-12bc-5745-aed6-1d018da22ec4","created":"2026-04-15T08:36:33.000Z","modified":"2026-04-15T08:36:33.000Z","valid_from":"2026-04-15T08:36:33.000Z","name":"43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044334049515430373"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a98484c-d2a4-5d1d-96f2-090d6cf33c18","created":"2026-04-15T08:45:42.000Z","modified":"2026-04-15T08:45:42.000Z","valid_from":"2026-04-15T08:45:42.000Z","name":"gwzokx.hnhcwl.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gwzokx.hnhcwl.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044336349680156934"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6f7bde9-fcc7-515c-ba19-ab06aa7bd4f1","created":"2026-04-15T08:45:42.000Z","modified":"2026-04-15T08:45:42.000Z","valid_from":"2026-04-15T08:45:42.000Z","name":"https://gwzokx.hnhcwl.cn/nety-wittr/featur/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gwzokx.hnhcwl.cn/nety-wittr/featur/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044336349680156934"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e657233c-08c3-59c5-a632-6a441e6ece7c","created":"2026-04-15T09:32:03.000Z","modified":"2026-04-15T09:32:03.000Z","valid_from":"2026-04-15T09:32:03.000Z","name":"80.210.40.54","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '80.210.40.54']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044348014966227425"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b281072-b3f5-5877-9e67-82accc1bab69","created":"2026-04-15T09:32:03.000Z","modified":"2026-04-15T09:32:03.000Z","valid_from":"2026-04-15T09:32:03.000Z","name":"185.255.89.57","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.255.89.57']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044348014966227425"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--eda64621-70f4-5aeb-be75-3188c1d05ccb","created":"2026-04-15T09:32:03.000Z","modified":"2026-04-15T09:32:03.000Z","valid_from":"2026-04-15T09:32:03.000Z","name":"91.92.190.84","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.190.84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044348014966227425"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--948e296e-cacd-5eb1-987a-e406efbdb7be","created":"2026-04-15T09:32:03.000Z","modified":"2026-04-15T09:32:03.000Z","valid_from":"2026-04-15T09:32:03.000Z","name":"2.182.253.245","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '2.182.253.245']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044348014966227425"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5653cbd4-0be7-58d8-ae72-ca1635ec629b","created":"2026-04-15T09:32:16.000Z","modified":"2026-04-15T09:32:16.000Z","valid_from":"2026-04-15T09:32:16.000Z","name":"8f916b6661e013ffbf318ed78e24a7c2","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8f916b6661e013ffbf318ed78e24a7c2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044348070733684802"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a96f148-a679-5332-9c96-85fd88222b9c","created":"2026-04-15T09:39:12.000Z","modified":"2026-04-15T09:39:12.000Z","valid_from":"2026-04-15T09:39:12.000Z","name":"71fc23b2a88e44ab84060227cf86f3fafacf22c948fe3fc5aa641cd7390ac8d2","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '71fc23b2a88e44ab84060227cf86f3fafacf22c948fe3fc5aa641cd7390ac8d2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044349812552716638"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--700178a8-c5cd-5787-a198-a632bca5a4dd","created":"2026-04-15T09:55:41.000Z","modified":"2026-04-15T09:55:41.000Z","valid_from":"2026-04-15T09:55:41.000Z","name":"https://github.com/cblootah/test/","description":"IOC reported by @petrovic082 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/cblootah/test/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/petrovic082/status/2044353963881906478"}],"labels":["malware","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60175644-bbdf-5141-86f7-aa4902d9a0d5","created":"2026-04-15T09:59:45.000Z","modified":"2026-04-15T09:59:45.000Z","valid_from":"2026-04-15T09:59:45.000Z","name":"https://github.com/Hyperbolic531/Makethen/","description":"IOC reported by @petrovic082 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/Hyperbolic531/Makethen/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/petrovic082/status/2044354985408729508"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1885e3ac-db2f-5dc7-8c31-758550a2055f","created":"2026-04-15T10:01:46.000Z","modified":"2026-04-15T10:01:46.000Z","valid_from":"2026-04-15T10:01:46.000Z","name":"mintandcotton.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mintandcotton.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044355492332667057"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31fe1f32-156c-55d0-8ff3-f9a4bb800d51","created":"2026-04-15T10:01:46.000Z","modified":"2026-04-15T10:01:46.000Z","valid_from":"2026-04-15T10:01:46.000Z","name":"http://mintandcotton.com/.Admin/test/index.html","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mintandcotton.com/.Admin/test/index.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044355492332667057"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04260da5-f8be-55b4-91e4-fb68c7d2d24b","created":"2026-04-15T10:06:19.000Z","modified":"2026-04-15T10:06:19.000Z","valid_from":"2026-04-15T10:06:19.000Z","name":"http://ipfs.io/ipfs/bafybeig7m6ymhxquuawul7eutgialz5hto3benqc2k5r3pbzwksn4kty4q/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipfs.io/ipfs/bafybeig7m6ymhxquuawul7eutgialz5hto3benqc2k5r3pbzwksn4kty4q/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044356636467466710"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92220d9a-2fd1-50b0-8db6-25746eaaedc8","created":"2026-04-15T10:06:19.000Z","modified":"2026-04-15T10:06:19.000Z","valid_from":"2026-04-15T10:06:19.000Z","name":"mujerhoy.org","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mujerhoy.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044356636467466710"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c922eff-9ff4-5ddb-bcad-ecf30e8a93e3","created":"2026-04-15T10:06:19.000Z","modified":"2026-04-15T10:06:19.000Z","valid_from":"2026-04-15T10:06:19.000Z","name":"http://mujerhoy.org","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mujerhoy.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044356636467466710"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1b1badb-0e0a-5579-bf07-f752fa8ea9d8","created":"2026-04-15T10:06:19.000Z","modified":"2026-04-15T10:06:19.000Z","valid_from":"2026-04-15T10:06:19.000Z","name":"http://mujerhoy.org/Requests/wp-include/official/docu042.php","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mujerhoy.org/Requests/wp-include/official/docu042.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044356636467466710"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfdce8b3-8b94-5105-b1a9-3901c63593e4","created":"2026-04-15T10:19:12.000Z","modified":"2026-04-15T10:19:12.000Z","valid_from":"2026-04-15T10:19:12.000Z","name":"mx.prod-stpmex.click","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mx.prod-stpmex.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044359878869745760"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20975fd1-06e5-507b-9cb2-ec7c3ccae04b","created":"2026-04-15T10:19:12.000Z","modified":"2026-04-15T10:19:12.000Z","valid_from":"2026-04-15T10:19:12.000Z","name":"https://mx.prod-stpmex.click","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mx.prod-stpmex.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044359878869745760"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--489f4bec-f413-502a-bff1-a6e9504cd665","created":"2026-04-15T10:41:07.000Z","modified":"2026-04-15T10:41:07.000Z","valid_from":"2026-04-15T10:41:07.000Z","name":"fc37d1e1e4301e466bdf21c2c8107d61","description":"IOC reported by @c3rb3ru5d3d53c on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'fc37d1e1e4301e466bdf21c2c8107d61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/c3rb3ru5d3d53c/status/2044365397697175594"}],"labels":["AmosStealer","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15ce25e5-0db1-585d-9fb9-e3af834ac677","created":"2026-04-15T11:50:00.000Z","modified":"2026-04-15T11:50:00.000Z","valid_from":"2026-04-15T11:50:00.000Z","name":"185.228.83.217","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.228.83.217']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2044382730163802368"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1051d5ec-3fe1-5a06-b30e-5cf558e74bc8","created":"2026-04-15T13:47:02.000Z","modified":"2026-04-15T13:47:02.000Z","valid_from":"2026-04-15T13:47:02.000Z","name":"66.85.46.67","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '66.85.46.67']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044412182843072604"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--518ed4f6-a80d-536d-9544-7791407f765e","created":"2026-04-15T14:07:51.000Z","modified":"2026-04-15T14:07:51.000Z","valid_from":"2026-04-15T14:07:51.000Z","name":"invstampvest.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invstampvest.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044417422606655769"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd92a61d-60cd-5822-a97d-d3eebf71173b","created":"2026-04-15T14:07:51.000Z","modified":"2026-04-15T14:07:51.000Z","valid_from":"2026-04-15T14:07:51.000Z","name":"http://invstampvest.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invstampvest.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044417422606655769"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--97c80467-395d-54b6-a1a0-99d83ee7949c","created":"2026-04-15T15:12:17.000Z","modified":"2026-04-15T15:12:17.000Z","valid_from":"2026-04-15T15:12:17.000Z","name":"psca-gop.org","description":"IOC reported by @ShadowChasing1 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'psca-gop.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowChasing1/status/2044433635206738351"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3069a67-cd59-5d0d-b0a9-9dd2a8ce9d7c","created":"2026-04-15T15:12:17.000Z","modified":"2026-04-15T15:12:17.000Z","valid_from":"2026-04-15T15:12:17.000Z","name":"http://psca-gop.org","description":"IOC reported by @ShadowChasing1 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://psca-gop.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowChasing1/status/2044433635206738351"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--de82a562-640d-5060-8597-9e96b5bccd9b","created":"2026-04-15T15:23:00.000Z","modified":"2026-04-15T15:23:00.000Z","valid_from":"2026-04-15T15:23:00.000Z","name":"2bc6d94d53a8801b459c6fcb2ff12d4db913e3a198866bfc9838f583760b33ba","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '2bc6d94d53a8801b459c6fcb2ff12d4db913e3a198866bfc9838f583760b33ba']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2044436336187466237"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6476cb36-74a4-5bac-9afa-5e35ea4e3142","created":"2026-04-15T18:19:00.000Z","modified":"2026-04-15T18:19:00.000Z","valid_from":"2026-04-15T18:19:00.000Z","name":"157.230.46.114","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '157.230.46.114']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2044480624761745866"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bdf5f1aa-c9aa-5d40-9817-448070cd4ae8","created":"2026-04-15T19:04:44.000Z","modified":"2026-04-15T19:04:44.000Z","valid_from":"2026-04-15T19:04:44.000Z","name":"ncodbvpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbvpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044492134250639632"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d6340d7-11a5-5136-870c-23870e134ee4","created":"2026-04-15T19:04:44.000Z","modified":"2026-04-15T19:04:44.000Z","valid_from":"2026-04-15T19:04:44.000Z","name":"http://ncodbvpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbvpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044492134250639632"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10ff7f64-9622-5fc4-a56a-03bac2e50b5e","created":"2026-04-15T21:00:58.000Z","modified":"2026-04-15T21:00:58.000Z","valid_from":"2026-04-15T21:00:58.000Z","name":"geebytescloud.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'geebytescloud.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044521387507720675"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18ff2f32-a4ed-5d84-8e85-417baa7cf9bc","created":"2026-04-15T21:00:58.000Z","modified":"2026-04-15T21:00:58.000Z","valid_from":"2026-04-15T21:00:58.000Z","name":"http://geebytescloud.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://geebytescloud.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044521387507720675"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9578f3cf-ada2-5b31-b6a1-19f8b3deb412","created":"2026-04-15T21:00:58.000Z","modified":"2026-04-15T21:00:58.000Z","valid_from":"2026-04-15T21:00:58.000Z","name":"geebytes.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'geebytes.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044521387507720675"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba58c09b-1901-5a9d-8931-3d0373f15094","created":"2026-04-15T21:00:58.000Z","modified":"2026-04-15T21:00:58.000Z","valid_from":"2026-04-15T21:00:58.000Z","name":"http://geebytes.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://geebytes.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044521387507720675"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--945e4c48-f229-5ae2-8309-6913e41abdf8","created":"2026-04-15T21:14:07.000Z","modified":"2026-04-15T21:14:07.000Z","valid_from":"2026-04-15T21:14:07.000Z","name":"suspected-corpus-disco-colleagues.trycloudflare.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'suspected-corpus-disco-colleagues.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2044524697547587794"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--77065a88-e297-5db9-9f63-2238b10d2739","created":"2026-04-15T21:14:07.000Z","modified":"2026-04-15T21:14:07.000Z","valid_from":"2026-04-15T21:14:07.000Z","name":"https://suspected-corpus-disco-colleagues.trycloudflare.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://suspected-corpus-disco-colleagues.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2044524697547587794"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--544132d3-d2ec-5b80-ba5f-70a6c95a87f1","created":"2026-04-15T21:52:40.000Z","modified":"2026-04-15T21:52:40.000Z","valid_from":"2026-04-15T21:52:40.000Z","name":"2d2b25279ef9365420acec120b98b3b4","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '2d2b25279ef9365420acec120b98b3b4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044534397265707394"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--be2aef0f-2377-5cdf-9433-86b32e7a02aa","created":"2026-04-15T22:38:38.000Z","modified":"2026-04-15T22:38:38.000Z","valid_from":"2026-04-15T22:38:38.000Z","name":"66.225.201.73","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '66.225.201.73']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044545962853429522"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--847d8274-f9a4-57d6-9bae-8fd92cf32765","created":"2026-04-16T00:22:35.000Z","modified":"2026-04-16T00:22:35.000Z","valid_from":"2026-04-16T00:22:35.000Z","name":"b8no2fhz.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'b8no2fhz.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044572125584048555"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--814e1918-d08e-5656-8a77-a5779b32e300","created":"2026-04-16T00:22:35.000Z","modified":"2026-04-16T00:22:35.000Z","valid_from":"2026-04-16T00:22:35.000Z","name":"https://www.b8no2fhz.shop/login","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.b8no2fhz.shop/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044572125584048555"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cc5c6d3-506e-5267-8400-bbc5ff4a0616","created":"2026-04-16T00:53:31.000Z","modified":"2026-04-16T00:53:31.000Z","valid_from":"2026-04-16T00:53:31.000Z","name":"66.235.175.48","description":"IOC reported by @st22102 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '66.235.175.48']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/st22102/status/2044579908987572552"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7accb84-f457-5e2a-bd23-a0731ee689ba","created":"2026-04-16T00:53:31.000Z","modified":"2026-04-16T00:53:31.000Z","valid_from":"2026-04-16T00:53:31.000Z","name":"165.140.86.52","description":"IOC reported by @st22102 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.140.86.52']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/st22102/status/2044579908987572552"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7f61f5a-3910-55dd-bb44-acc39f5d715b","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"claro-5g.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'claro-5g.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b47c6521-e117-5c1f-8081-e773ef15b45e","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"https://www.claro-5g.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.claro-5g.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--331bfa3f-b295-56ce-8ca4-83e699072b55","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"vietchinhphu.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vietchinhphu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--422b98f4-ea7b-5cc4-af52-e06fed2991fc","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"https://vietchinhphu.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vietchinhphu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7588ed97-196f-5e51-841c-b8d3ef06a358","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"cellfinexchange.xyz","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cellfinexchange.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7011ee47-147a-5500-984f-78edd15c3640","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"https://cellfinexchange.xyz","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cellfinexchange.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d39fb182-93d4-5211-b3cf-4ce013d63766","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"nec-moneybd.top","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nec-moneybd.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50baaff5-29d6-51f1-bcfd-0dcd509a131d","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"https://nec-moneybd.top","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nec-moneybd.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03fba499-262e-5395-9603-c3c772546fb0","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"quickmoneyapp.top","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'quickmoneyapp.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a8abe48-d1fe-5304-9073-3369c397edf5","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"https://quickmoneyapp.top","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://quickmoneyapp.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8989b0bb-3c04-5e9b-a16d-9a161436de59","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"atualizacao-apps.click","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'atualizacao-apps.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0382d30e-72b2-5fe0-bdcb-3506639dbac4","created":"2026-04-16T01:46:43.000Z","modified":"2026-04-16T01:46:43.000Z","valid_from":"2026-04-16T01:46:43.000Z","name":"https://atualizacao-apps.click","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://atualizacao-apps.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044593299407634880"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e81c2868-380a-5f51-91eb-b936998784df","created":"2026-04-16T02:05:00.000Z","modified":"2026-04-16T02:05:00.000Z","valid_from":"2026-04-16T02:05:00.000Z","name":"g-call.net","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'g-call.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044597897853825158"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b15ae6cf-64a6-53e2-9f6c-639a28964e7b","created":"2026-04-16T02:05:00.000Z","modified":"2026-04-16T02:05:00.000Z","valid_from":"2026-04-16T02:05:00.000Z","name":"https://g-call.net","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://g-call.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044597897853825158"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7229b3c3-3c1f-5733-8879-967895f5d393","created":"2026-04-16T02:05:00.000Z","modified":"2026-04-16T02:05:00.000Z","valid_from":"2026-04-16T02:05:00.000Z","name":"mymeetingtoday.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mymeetingtoday.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044597897853825158"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93a7b507-fe6e-593d-ab76-fba6c861c242","created":"2026-04-16T02:05:00.000Z","modified":"2026-04-16T02:05:00.000Z","valid_from":"2026-04-16T02:05:00.000Z","name":"https://mymeetingtoday.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mymeetingtoday.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2044597897853825158"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adf5badc-c986-509a-8b0d-fa02c095bd2b","created":"2026-04-16T03:57:18.000Z","modified":"2026-04-16T03:57:18.000Z","valid_from":"2026-04-16T03:57:18.000Z","name":"d59ea9eeefddf356e863a5442e4c90a95d4ba72c477125d57128dff9c7763b0c","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd59ea9eeefddf356e863a5442e4c90a95d4ba72c477125d57128dff9c7763b0c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044626161972474247"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--04298e46-bf91-59ef-85f9-34ba123b7692","created":"2026-04-16T03:59:58.000Z","modified":"2026-04-16T03:59:58.000Z","valid_from":"2026-04-16T03:59:58.000Z","name":"timexy.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'timexy.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044626830293164529"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22223afe-d591-5823-987a-4d1b5a667466","created":"2026-04-16T03:59:58.000Z","modified":"2026-04-16T03:59:58.000Z","valid_from":"2026-04-16T03:59:58.000Z","name":"https://timexy.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://timexy.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044626830293164529"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17cc8df1-7b84-5b4a-aa3f-37399ecfb7a1","created":"2026-04-16T05:53:37.000Z","modified":"2026-04-16T05:53:37.000Z","valid_from":"2026-04-16T05:53:37.000Z","name":"orpi-assurance.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'orpi-assurance.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044655433013436798"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9784af2-e2d8-5e97-a70b-8c78a2d6efd5","created":"2026-04-16T05:53:37.000Z","modified":"2026-04-16T05:53:37.000Z","valid_from":"2026-04-16T05:53:37.000Z","name":"https://www.orpi-assurance.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.orpi-assurance.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044655433013436798"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fdfe0a17-73cf-581a-b231-28dc8ed96564","created":"2026-04-16T05:53:37.000Z","modified":"2026-04-16T05:53:37.000Z","valid_from":"2026-04-16T05:53:37.000Z","name":"45.138.16.33","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.138.16.33']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044655433013436798"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93f27d93-0a22-5b81-a5d9-26b277a7bc6a","created":"2026-04-16T07:05:20.000Z","modified":"2026-04-16T07:05:20.000Z","valid_from":"2026-04-16T07:05:20.000Z","name":"jameeeswt.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jameeeswt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044673481460101369"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28a38790-e14b-52c3-a7c5-627da67ffe9f","created":"2026-04-16T07:05:20.000Z","modified":"2026-04-16T07:05:20.000Z","valid_from":"2026-04-16T07:05:20.000Z","name":"https://jameeeswt.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jameeeswt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044673481460101369"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4a41874-022d-5081-a3a8-ab08c586eda6","created":"2026-04-16T07:05:20.000Z","modified":"2026-04-16T07:05:20.000Z","valid_from":"2026-04-16T07:05:20.000Z","name":"91.92.34.113","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.34.113']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044673481460101369"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fac0c0cf-de64-58f6-84ce-da9ebc67f921","created":"2026-04-16T07:31:30.000Z","modified":"2026-04-16T07:31:30.000Z","valid_from":"2026-04-16T07:31:30.000Z","name":"dhvuuxhmt.qh399063.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dhvuuxhmt.qh399063.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044680066504990891"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--01ac135d-f6aa-5db4-be5a-556e792f8f4f","created":"2026-04-16T07:31:30.000Z","modified":"2026-04-16T07:31:30.000Z","valid_from":"2026-04-16T07:31:30.000Z","name":"https://dhvuuxhmt.qh399063.cn/RSV_P/smart_index.htm/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dhvuuxhmt.qh399063.cn/RSV_P/smart_index.htm/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044680066504990891"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a778ed-12bc-5745-aed6-1d018da22ec4","created":"2026-04-16T07:31:30.000Z","modified":"2026-04-16T07:31:30.000Z","valid_from":"2026-04-16T07:31:30.000Z","name":"43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044680066504990891"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa7d5746-83d4-5780-9a24-63b450a3ae0b","created":"2026-04-16T07:59:20.000Z","modified":"2026-04-16T07:59:20.000Z","valid_from":"2026-04-16T07:59:20.000Z","name":"wvnbufxi.tjsadf.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wvnbufxi.tjsadf.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044687068010631556"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c92c4936-761e-5f8a-af85-0cc39faf5afa","created":"2026-04-16T07:59:20.000Z","modified":"2026-04-16T07:59:20.000Z","valid_from":"2026-04-16T07:59:20.000Z","name":"https://wvnbufxi.tjsadf.cn/firste/deafaudex/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wvnbufxi.tjsadf.cn/firste/deafaudex/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2044687068010631556"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1dfd567-5f35-56db-838b-9662fd816034","created":"2026-04-16T09:12:53.000Z","modified":"2026-04-16T09:12:53.000Z","valid_from":"2026-04-16T09:12:53.000Z","name":"mac-cleanup-space.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mac-cleanup-space.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044705578283565527"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26a62d13-b0c4-5654-bcad-2fc30614f37e","created":"2026-04-16T09:12:53.000Z","modified":"2026-04-16T09:12:53.000Z","valid_from":"2026-04-16T09:12:53.000Z","name":"http://mac-cleanup-space.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mac-cleanup-space.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044705578283565527"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14fee08c-611c-5bdb-b761-4c68c2b1523b","created":"2026-04-16T09:12:53.000Z","modified":"2026-04-16T09:12:53.000Z","valid_from":"2026-04-16T09:12:53.000Z","name":"peaecagent.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'peaecagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044705578283565527"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--711b4a77-5251-5c38-9e11-27d377d734a8","created":"2026-04-16T09:12:53.000Z","modified":"2026-04-16T09:12:53.000Z","valid_from":"2026-04-16T09:12:53.000Z","name":"http://peaecagent.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://peaecagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044705578283565527"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41dbbe1c-e155-59b4-8094-cf45505f4dd8","created":"2026-04-16T10:01:52.000Z","modified":"2026-04-16T10:01:52.000Z","valid_from":"2026-04-16T10:01:52.000Z","name":"ebe34bb6294a08c01fed57de8f9ee0b2","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'ebe34bb6294a08c01fed57de8f9ee0b2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2044717907528307113"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46af167d-0aca-5a0b-9e53-e1d257d62cb4","created":"2026-04-16T10:37:22.000Z","modified":"2026-04-16T10:37:22.000Z","valid_from":"2026-04-16T10:37:22.000Z","name":"http://47.243.155.154","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://47.243.155.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044726838300151886"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--665b704b-bd93-59e6-b064-a9c8264da5ee","created":"2026-04-16T10:37:22.000Z","modified":"2026-04-16T10:37:22.000Z","valid_from":"2026-04-16T10:37:22.000Z","name":"47.243.155.154","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.243.155.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044726838300151886"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0befc0f6-bd07-5ad1-ae37-da01bf7d2f34","created":"2026-04-16T11:02:22.000Z","modified":"2026-04-16T11:02:22.000Z","valid_from":"2026-04-16T11:02:22.000Z","name":"6afdbaf73028607b49f725467bf5dce4bb9f8c7b7095e43f09ecfce94b450fd4","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '6afdbaf73028607b49f725467bf5dce4bb9f8c7b7095e43f09ecfce94b450fd4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044733130905358728"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--467de8f4-17de-56d5-b613-2d8fd6dcd16a","created":"2026-04-16T11:07:44.000Z","modified":"2026-04-16T11:07:44.000Z","valid_from":"2026-04-16T11:07:44.000Z","name":"188.214.144.18","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '188.214.144.18']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044734481941053479"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab76b0c7-cffb-553d-aced-0ae7b17f355b","created":"2026-04-16T11:11:36.000Z","modified":"2026-04-16T11:11:36.000Z","valid_from":"2026-04-16T11:11:36.000Z","name":"http://137.184.76.171","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://137.184.76.171']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044735454759502253"}],"labels":["Mythic"]},{"type":"indicator","spec_version":"2.1","id":"indicator--946da6b1-472c-5f06-b273-cdca95d2d358","created":"2026-04-16T11:11:36.000Z","modified":"2026-04-16T11:11:36.000Z","valid_from":"2026-04-16T11:11:36.000Z","name":"137.184.76.171","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '137.184.76.171']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044735454759502253"}],"labels":["Mythic"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1f6a0af-e9cf-5faf-a77d-75ec05e336d5","created":"2026-04-16T11:16:07.000Z","modified":"2026-04-16T11:16:07.000Z","valid_from":"2026-04-16T11:16:07.000Z","name":"190.242.96.21","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '190.242.96.21']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044736593101996538"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccc4cb4e-83a0-5e06-9415-14be037b434a","created":"2026-04-16T11:19:02.000Z","modified":"2026-04-16T11:19:02.000Z","valid_from":"2026-04-16T11:19:02.000Z","name":"ink.trontrading.org","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ink.trontrading.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2044737324433489985"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ebd5c0a-d742-5db2-b0bb-c38716886663","created":"2026-04-16T11:19:02.000Z","modified":"2026-04-16T11:19:02.000Z","valid_from":"2026-04-16T11:19:02.000Z","name":"http://ink.trontrading.org","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ink.trontrading.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2044737324433489985"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--02cbf27e-d38c-5f5d-bdd9-aebf7d93d549","created":"2026-04-16T11:29:29.000Z","modified":"2026-04-16T11:29:29.000Z","valid_from":"2026-04-16T11:29:29.000Z","name":"http://167.235.234.45","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://167.235.234.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044739954585088477"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--07ba5040-fbc6-5250-a0f4-fed110dbcc98","created":"2026-04-16T11:29:29.000Z","modified":"2026-04-16T11:29:29.000Z","valid_from":"2026-04-16T11:29:29.000Z","name":"167.235.234.45","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '167.235.234.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044739954585088477"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--87d40128-25b5-545e-bc91-0d70195f8d3b","created":"2026-04-16T12:44:36.000Z","modified":"2026-04-16T12:44:36.000Z","valid_from":"2026-04-16T12:44:36.000Z","name":"depositovisual.com","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'depositovisual.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2044758860343230687"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81ffc41d-36ac-57d4-ab42-1c4cd66be77f","created":"2026-04-16T12:44:36.000Z","modified":"2026-04-16T12:44:36.000Z","valid_from":"2026-04-16T12:44:36.000Z","name":"https://www.depositovisual.com","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.depositovisual.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2044758860343230687"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bf98f03-ac95-5b3d-b59f-0f4a2f402d94","created":"2026-04-16T12:47:25.000Z","modified":"2026-04-16T12:47:25.000Z","valid_from":"2026-04-16T12:47:25.000Z","name":"redeconstrudecor.com","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'redeconstrudecor.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2044759569675542858"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e27a8d19-1f0e-592d-a455-4e915c27b467","created":"2026-04-16T12:47:25.000Z","modified":"2026-04-16T12:47:25.000Z","valid_from":"2026-04-16T12:47:25.000Z","name":"https://redeconstrudecor.com","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://redeconstrudecor.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2044759569675542858"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82f92421-6f21-5d29-8f2f-855c21fc7091","created":"2026-04-16T12:51:16.000Z","modified":"2026-04-16T12:51:16.000Z","valid_from":"2026-04-16T12:51:16.000Z","name":"souzahidraulica.com.br","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'souzahidraulica.com.br']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2044760538899427328"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fc75d0f-7f4f-5783-a7b0-1c6181d5a2e9","created":"2026-04-16T12:51:16.000Z","modified":"2026-04-16T12:51:16.000Z","valid_from":"2026-04-16T12:51:16.000Z","name":"https://www.souzahidraulica.com.br","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.souzahidraulica.com.br']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2044760538899427328"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69e697e5-6be2-5a5e-a208-41bd3c18faa3","created":"2026-04-16T13:08:58.000Z","modified":"2026-04-16T13:08:58.000Z","valid_from":"2026-04-16T13:08:58.000Z","name":"qovrentina.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qovrentina.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044764992721842676"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58c5edbf-a7b8-543a-bb64-519d5a50bf8a","created":"2026-04-16T13:08:58.000Z","modified":"2026-04-16T13:08:58.000Z","valid_from":"2026-04-16T13:08:58.000Z","name":"http://qovrentina.com:443","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://qovrentina.com:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044764992721842676"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39817bba-495a-59ff-bde5-a286061f6466","created":"2026-04-16T13:08:58.000Z","modified":"2026-04-16T13:08:58.000Z","valid_from":"2026-04-16T13:08:58.000Z","name":"wexalrivo.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wexalrivo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044764992721842676"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a0af60d-f9bc-59f9-a84a-4128400641df","created":"2026-04-16T13:08:58.000Z","modified":"2026-04-16T13:08:58.000Z","valid_from":"2026-04-16T13:08:58.000Z","name":"http://wexalrivo.com:443","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wexalrivo.com:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044764992721842676"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b35f94d6-c6f2-536d-94c7-40a23fe7c896","created":"2026-04-16T13:08:58.000Z","modified":"2026-04-16T13:08:58.000Z","valid_from":"2026-04-16T13:08:58.000Z","name":"193.24.211.242","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.24.211.242']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044764992721842676"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ebf9d78-eb17-50c6-8a4e-b4da1134343c","created":"2026-04-16T13:08:58.000Z","modified":"2026-04-16T13:08:58.000Z","valid_from":"2026-04-16T13:08:58.000Z","name":"ad1b4330de88bbb49c052ce4e681aebb","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'ad1b4330de88bbb49c052ce4e681aebb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2044764992721842676"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eccf532c-d23c-5ca2-bf16-b4828d86c268","created":"2026-04-16T13:25:58.000Z","modified":"2026-04-16T13:25:58.000Z","valid_from":"2026-04-16T13:25:58.000Z","name":"login.bmfzs776.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.bmfzs776.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2044769269217665437"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a752a87-a451-5893-8cbe-25e1acba5ec7","created":"2026-04-16T13:25:58.000Z","modified":"2026-04-16T13:25:58.000Z","valid_from":"2026-04-16T13:25:58.000Z","name":"https://login.bmfzs776.com/SM8ilqAn","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.bmfzs776.com/SM8ilqAn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2044769269217665437"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7c06e22-fbc0-55ef-98ef-604a8982c643","created":"2026-04-16T13:25:58.000Z","modified":"2026-04-16T13:25:58.000Z","valid_from":"2026-04-16T13:25:58.000Z","name":"6v8hsntc.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '6v8hsntc.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2044769269217665437"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe36c7dd-f71a-54ec-b5e2-6ea9b589787f","created":"2026-04-16T13:25:58.000Z","modified":"2026-04-16T13:25:58.000Z","valid_from":"2026-04-16T13:25:58.000Z","name":"https://www.6v8hsntc.shop/6u1c3zfs","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.6v8hsntc.shop/6u1c3zfs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2044769269217665437"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8942bf9-2e17-51d5-a188-96c23b6c757b","created":"2026-04-16T13:35:13.000Z","modified":"2026-04-16T13:35:13.000Z","valid_from":"2026-04-16T13:35:13.000Z","name":"pozogupoc.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pozogupoc.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2044771597886919163"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8ceb7f1-24f7-5c2a-90cf-64bad592343a","created":"2026-04-16T13:35:13.000Z","modified":"2026-04-16T13:35:13.000Z","valid_from":"2026-04-16T13:35:13.000Z","name":"https://pozogupoc.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pozogupoc.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2044771597886919163"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec4e48a1-90b2-5553-935c-b17cda5375ba","created":"2026-04-16T13:35:13.000Z","modified":"2026-04-16T13:35:13.000Z","valid_from":"2026-04-16T13:35:13.000Z","name":"20.150.121.129","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '20.150.121.129']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2044771597886919163"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ce52dfe-fe5a-5e14-92b0-f64ce3e63fb5","created":"2026-04-16T13:38:16.000Z","modified":"2026-04-16T13:38:16.000Z","valid_from":"2026-04-16T13:38:16.000Z","name":"https://storage.googleapis.com/open","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://storage.googleapis.com/open']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044772366551519720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8145b5b-78e9-57fe-a09d-fa91c7c28ef3","created":"2026-04-16T13:38:16.000Z","modified":"2026-04-16T13:38:16.000Z","valid_from":"2026-04-16T13:38:16.000Z","name":"61ad516612d11eb7ae3859a16bb741671a33a47d720b20b3d5ae63365aedaad5","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '61ad516612d11eb7ae3859a16bb741671a33a47d720b20b3d5ae63365aedaad5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044772366551519720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--11aa3094-d114-5e78-bde9-7898a1e510f0","created":"2026-04-16T13:41:18.000Z","modified":"2026-04-16T13:41:18.000Z","valid_from":"2026-04-16T13:41:18.000Z","name":"apple.driver-store.com","description":"IOC reported by @GenThreatLabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'apple.driver-store.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/GenThreatLabs/status/2044773127541207467"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2f10020-5bf5-58f1-b4c9-3027253ecc1e","created":"2026-04-16T13:41:18.000Z","modified":"2026-04-16T13:41:18.000Z","valid_from":"2026-04-16T13:41:18.000Z","name":"http://apple.driver-store.com","description":"IOC reported by @GenThreatLabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://apple.driver-store.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/GenThreatLabs/status/2044773127541207467"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a6f0416-cc76-59ba-8011-9a78e40a6135","created":"2026-04-16T13:47:10.000Z","modified":"2026-04-16T13:47:10.000Z","valid_from":"2026-04-16T13:47:10.000Z","name":"hostcreed.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hostcreed.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044774606603448748"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--795da4fd-00aa-5ff0-b59a-20aa5694aaa9","created":"2026-04-16T13:47:10.000Z","modified":"2026-04-16T13:47:10.000Z","valid_from":"2026-04-16T13:47:10.000Z","name":"http://hostcreed.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hostcreed.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044774606603448748"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2725677-bf13-5bd3-a58a-5bbfc206159f","created":"2026-04-16T13:47:10.000Z","modified":"2026-04-16T13:47:10.000Z","valid_from":"2026-04-16T13:47:10.000Z","name":"ns1.hlogicdock.cloud","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ns1.hlogicdock.cloud']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044774606603448748"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1856c0b-6c89-52f5-bd86-7336e4df818a","created":"2026-04-16T13:47:10.000Z","modified":"2026-04-16T13:47:10.000Z","valid_from":"2026-04-16T13:47:10.000Z","name":"http://ns1.hlogicdock.cloud","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ns1.hlogicdock.cloud']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2044774606603448748"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e5ef141-6235-5f75-b82c-7897cbff6d8f","created":"2026-04-16T14:49:55.000Z","modified":"2026-04-16T14:49:55.000Z","valid_from":"2026-04-16T14:49:55.000Z","name":"92.205.28.254","description":"IOC reported by @marcandrebeaul1 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '92.205.28.254']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/marcandrebeaul1/status/2044790397063344301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3bf6417-1a1a-5207-8c61-c455cba477b2","created":"2026-04-16T14:50:23.000Z","modified":"2026-04-16T14:50:23.000Z","valid_from":"2026-04-16T14:50:23.000Z","name":"robiox.com.ps","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'robiox.com.ps']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044790512486380024"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4f44fd9-efc5-52c5-ae82-e6b76022ef37","created":"2026-04-16T14:50:23.000Z","modified":"2026-04-16T14:50:23.000Z","valid_from":"2026-04-16T14:50:23.000Z","name":"179.43.150.242","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '179.43.150.242']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2044790512486380024"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2886ccb-23cd-533a-ba20-03a7e8a7df8a","created":"2026-04-16T15:16:12.000Z","modified":"2026-04-16T15:16:12.000Z","valid_from":"2026-04-16T15:16:12.000Z","name":"recallnine.info","description":"IOC reported by @ThreatOpsX on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'recallnine.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ThreatOpsX/status/2044797009060634744"}],"labels":["ClickFix","FakeCaptcha"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76103980-33b5-552f-887c-a76eda20647a","created":"2026-04-16T15:16:12.000Z","modified":"2026-04-16T15:16:12.000Z","valid_from":"2026-04-16T15:16:12.000Z","name":"http://recallnine.info","description":"IOC reported by @ThreatOpsX on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://recallnine.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ThreatOpsX/status/2044797009060634744"}],"labels":["ClickFix","FakeCaptcha"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15ce25e5-0db1-585d-9fb9-e3af834ac677","created":"2026-04-16T16:05:27.000Z","modified":"2026-04-16T16:05:27.000Z","valid_from":"2026-04-16T16:05:27.000Z","name":"185.228.83.217","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.228.83.217']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044809406404018375"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed811633-90b1-5b3d-93b4-e21f1f115451","created":"2026-04-16T16:38:18.000Z","modified":"2026-04-16T16:38:18.000Z","valid_from":"2026-04-16T16:38:18.000Z","name":"Maxstresser.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Maxstresser.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044817671376470245"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5320eef5-25bf-5475-b064-c373d1dffc56","created":"2026-04-16T16:38:18.000Z","modified":"2026-04-16T16:38:18.000Z","valid_from":"2026-04-16T16:38:18.000Z","name":"http://Maxstresser.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Maxstresser.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044817671376470245"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c414de4b-6ad4-5129-94da-c2341c28a03c","created":"2026-04-16T17:54:54.000Z","modified":"2026-04-16T17:54:54.000Z","valid_from":"2026-04-16T17:54:54.000Z","name":"https://storage.googleapis.com/opentokenaiit/%E3%83%AA%E3%82%B9%E3%83%88%E3%83%A9%E9%80%9A%E7%9F%A5%E6%9B%B8.pdf","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://storage.googleapis.com/opentokenaiit/%E3%83%AA%E3%82%B9%E3%83%88%E3%83%A9%E9%80%9A%E7%9F%A5%E6%9B%B8.pdf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044836948032827759"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7267843-30bc-501e-bb95-1a39caf6ef35","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"ncodbvverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbvverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bad33f4-5644-5d36-9cf1-3f9c0e684cdf","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://ncodbvverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbvverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe338e26-9d31-574d-b9da-0c323e622127","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"nid.ncodbvverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ncodbvverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec7c4cce-7859-56a8-9f78-94e682106047","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://nid.ncodbvverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ncodbvverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52efc27f-7c98-5c9d-a475-049454120b36","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"ncodbsverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbsverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd6f3c74-262d-5dee-a24b-5e0c0636db13","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://ncodbsverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbsverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--548718f8-5c37-50ca-9de2-62749a2bd1b6","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"ndocazverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocazverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--baa9e367-3061-5ccd-9ce1-9466b1d7575e","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://ndocazverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocazverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--934b4f80-64ab-5b4f-b3ac-f0ee4b3a4040","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"nid.ndocazverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ndocazverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2dc6f96-f488-53b9-8e80-356f24368ee1","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://nid.ndocazverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ndocazverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1b8bd03-527c-5daf-ad6c-a0ce2fd70de6","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"ndocawverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocawverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a5b66a7-c1cd-5088-9a33-1c1e14c04873","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://ndocawverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocawverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1ca99d0-ae53-5998-bfa8-fb1242afc7ae","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"ndocadverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocadverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d062f407-fcb5-5083-9d45-138acf2df356","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://ndocadverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocadverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d5360a4-3e0e-5514-a447-4467f0fae90f","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"ndocayverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocayverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22e9f214-f727-5f03-a9de-555ba7f50fae","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://ndocayverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocayverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27a6458e-403d-5d89-aa32-59752f9f07aa","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"ndocavverify.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocavverify.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c9eec74-f98b-545c-a03b-a221b530a871","created":"2026-04-16T18:19:12.000Z","modified":"2026-04-16T18:19:12.000Z","valid_from":"2026-04-16T18:19:12.000Z","name":"http://ndocavverify.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocavverify.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044843064745681374"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfcaf6fb-2843-5b4d-8677-843265cb77c1","created":"2026-04-16T18:24:01.000Z","modified":"2026-04-16T18:24:01.000Z","valid_from":"2026-04-16T18:24:01.000Z","name":"https://www.6v8hsntc.shop","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.6v8hsntc.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044844274718568907"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bdb4e4fa-cecd-5c7b-b1b9-265769b4bd0b","created":"2026-04-16T20:09:08.000Z","modified":"2026-04-16T20:09:08.000Z","valid_from":"2026-04-16T20:09:08.000Z","name":"Element.io","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Element.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044870729993236941"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c46db452-d741-534a-8573-c6b073788ecf","created":"2026-04-16T20:09:08.000Z","modified":"2026-04-16T20:09:08.000Z","valid_from":"2026-04-16T20:09:08.000Z","name":"http://Element.io","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Element.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044870729993236941"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fb6f808-82d0-5f6e-9c03-39731432920a","created":"2026-04-16T20:18:33.000Z","modified":"2026-04-16T20:18:33.000Z","valid_from":"2026-04-16T20:18:33.000Z","name":"baskethumor.xyz","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'baskethumor.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044873098508345557"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--05dd7d19-54a1-550f-91bb-04a67e405a0d","created":"2026-04-16T20:18:33.000Z","modified":"2026-04-16T20:18:33.000Z","valid_from":"2026-04-16T20:18:33.000Z","name":"https://baskethumor.xyz/1yngQxHAxaY5ifXPhfhz?e=392&sis=xxyffsnjx42&pid=4027&tid=&a=4027&cc=HU&t=1776315735","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://baskethumor.xyz/1yngQxHAxaY5ifXPhfhz?e=392&sis=xxyffsnjx42&pid=4027&tid=&a=4027&cc=HU&t=1776315735']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2044873098508345557"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a361bff2-90d5-5581-9713-2214c117e28d","created":"2026-04-16T20:25:35.000Z","modified":"2026-04-16T20:25:35.000Z","valid_from":"2026-04-16T20:25:35.000Z","name":"log.kakao.com-nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'log.kakao.com-nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044874869871906854"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d619891d-12cc-5093-93ac-9a9f25df587d","created":"2026-04-16T20:25:35.000Z","modified":"2026-04-16T20:25:35.000Z","valid_from":"2026-04-16T20:25:35.000Z","name":"http://log.kakao.com-nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://log.kakao.com-nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044874869871906854"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37c8d7da-2e34-5841-8728-90d817210f1a","created":"2026-04-16T20:25:35.000Z","modified":"2026-04-16T20:25:35.000Z","valid_from":"2026-04-16T20:25:35.000Z","name":"http://165.154.52.8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://165.154.52.8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044874869871906854"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e17fdd5-faeb-52f1-917c-04768ce3283b","created":"2026-04-16T20:25:35.000Z","modified":"2026-04-16T20:25:35.000Z","valid_from":"2026-04-16T20:25:35.000Z","name":"165.154.52.8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.154.52.8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044874869871906854"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6e90817-1711-51c6-b42f-b5a30552eea8","created":"2026-04-16T20:37:20.000Z","modified":"2026-04-16T20:37:20.000Z","valid_from":"2026-04-16T20:37:20.000Z","name":"http://58.252.114.171:45647/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://58.252.114.171:45647/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044877826780733899"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7dd67c53-b101-5515-be31-987b2fbff83c","created":"2026-04-16T20:37:20.000Z","modified":"2026-04-16T20:37:20.000Z","valid_from":"2026-04-16T20:37:20.000Z","name":"58.252.114.171","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '58.252.114.171']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044877826780733899"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0176b3b-9c13-5154-9114-4cbb240bc21f","created":"2026-04-16T20:38:20.000Z","modified":"2026-04-16T20:38:20.000Z","valid_from":"2026-04-16T20:38:20.000Z","name":"http://202.70.139.133:51644/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://202.70.139.133:51644/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044878078082420949"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5871bd2-531d-59ac-8de7-1b4ade2b958f","created":"2026-04-16T20:38:20.000Z","modified":"2026-04-16T20:38:20.000Z","valid_from":"2026-04-16T20:38:20.000Z","name":"202.70.139.133","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '202.70.139.133']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2044878078082420949"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bd291f8-b977-5496-8c1c-c6bf3b495a48","created":"2026-04-16T21:50:18.000Z","modified":"2026-04-16T21:50:18.000Z","valid_from":"2026-04-16T21:50:18.000Z","name":"20c2d8267013675ee535ad9a6721588790fe122a8b633e1d31c7cce6caf2292e","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '20c2d8267013675ee535ad9a6721588790fe122a8b633e1d31c7cce6caf2292e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2044896188424474891"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd73d9fb-97a4-528c-8f14-fa7cefe44635","created":"2026-04-17T00:32:36.000Z","modified":"2026-04-17T00:32:36.000Z","valid_from":"2026-04-17T00:32:36.000Z","name":"pejzbko.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pejzbko.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044937034478063726"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3185bdba-7bae-5f3e-8b1c-d70c93b498a3","created":"2026-04-17T00:32:36.000Z","modified":"2026-04-17T00:32:36.000Z","valid_from":"2026-04-17T00:32:36.000Z","name":"https://pejzbko.cn/m2/a2/g2/wq=ninetendos/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pejzbko.cn/m2/a2/g2/wq=ninetendos/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044937034478063726"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--79200655-f075-5583-b499-78f4217c4819","created":"2026-04-17T00:44:41.000Z","modified":"2026-04-17T00:44:41.000Z","valid_from":"2026-04-17T00:44:41.000Z","name":"6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2044940073360298416"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b5d7ac7-a3b6-555b-a8c1-2a003d667bcb","created":"2026-04-17T00:44:41.000Z","modified":"2026-04-17T00:44:41.000Z","valid_from":"2026-04-17T00:44:41.000Z","name":"http://6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://6cudc5cqa2bjpwdhcwm2lj6dbqejjjqzeo6ipwvmbazr6cgu7vfk3dad.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2044940073360298416"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16aaab6b-a35f-57ba-b2a2-13e99baeb7c9","created":"2026-04-17T00:49:28.000Z","modified":"2026-04-17T00:49:28.000Z","valid_from":"2026-04-17T00:49:28.000Z","name":"tooloria.org","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tooloria.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044941276521632042"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e993c3c-a7be-5332-bd5b-55dca2c4d5ab","created":"2026-04-17T00:49:28.000Z","modified":"2026-04-17T00:49:28.000Z","valid_from":"2026-04-17T00:49:28.000Z","name":"https://tooloria.org","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tooloria.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044941276521632042"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f1dbaa0-b6e1-58bb-94ec-b160684532bc","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"mobileokgroup.site","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mobileokgroup.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88c575b0-f9fb-5d59-a4ef-6542d599ea87","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"http://mobileokgroup.site","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mobileokgroup.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18fc69b2-ee0a-5c6c-9022-cf2fd341ef91","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"eastasiagroup.online","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eastasiagroup.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc06c12a-618e-5ea6-80e8-1c375fac86e5","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"http://eastasiagroup.online","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eastasiagroup.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17eb83f9-182b-5be5-89c9-99744752e1c4","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"smadison.online","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'smadison.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--408be49e-3acc-55da-ba9c-4ef2578cc9b3","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"http://smadison.online","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://smadison.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--baf5392b-7708-5fdb-bf77-1c9e90512ea6","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"expireddomain.store","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'expireddomain.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba777725-2baa-54ca-8ebd-617cfd0605aa","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"http://expireddomain.store","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://expireddomain.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a625bc99-6bd1-5d93-88e7-2379be0abd95","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"racswera.online","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'racswera.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cffc9082-4ada-5b50-95d0-b6716d1a180c","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"http://racswera.online","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://racswera.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4ca11618-ea29-5f3b-a800-34bc44285761","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"drive.shadredin.store","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'drive.shadredin.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04ec7e4b-af1b-53d2-ad7f-423bd9b444e7","created":"2026-04-17T02:21:57.000Z","modified":"2026-04-17T02:21:57.000Z","valid_from":"2026-04-17T02:21:57.000Z","name":"http://drive.shadredin.store","description":"IOC reported by @cyberwar_15 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://drive.shadredin.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberwar_15/status/2044964550173409631"}],"labels":["Kimsuky","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f079d820-73ee-59f4-a4d9-34bc154eabec","created":"2026-04-17T02:55:16.000Z","modified":"2026-04-17T02:55:16.000Z","valid_from":"2026-04-17T02:55:16.000Z","name":"a0r21b0d3c4.s3.us-east-1.amazonaws.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'a0r21b0d3c4.s3.us-east-1.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044972938643079426"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e80e418-7ae7-5cae-8413-2e9ddcb82c53","created":"2026-04-17T02:55:16.000Z","modified":"2026-04-17T02:55:16.000Z","valid_from":"2026-04-17T02:55:16.000Z","name":"https://a0r21b0d3c4.s3.us-east-1.amazonaws.com/ef8f5170-57fa-4245-94ae-b1f9f0e75efe","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://a0r21b0d3c4.s3.us-east-1.amazonaws.com/ef8f5170-57fa-4245-94ae-b1f9f0e75efe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044972938643079426"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af374c32-fe2f-5b14-9784-d9f1f188eb18","created":"2026-04-17T02:55:16.000Z","modified":"2026-04-17T02:55:16.000Z","valid_from":"2026-04-17T02:55:16.000Z","name":"eatskorea.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eatskorea.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044972938643079426"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dad2bccb-2ce0-5362-bfbc-45e7c4b1bcc2","created":"2026-04-17T02:55:16.000Z","modified":"2026-04-17T02:55:16.000Z","valid_from":"2026-04-17T02:55:16.000Z","name":"http://eatskorea.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eatskorea.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044972938643079426"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--115c6955-a292-5afa-8728-60bcaeae21df","created":"2026-04-17T02:55:16.000Z","modified":"2026-04-17T02:55:16.000Z","valid_from":"2026-04-17T02:55:16.000Z","name":"http://eatskorea.com/a","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eatskorea.com/a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044972938643079426"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81cf58b6-da40-5702-91bf-c20d0803b692","created":"2026-04-17T02:55:16.000Z","modified":"2026-04-17T02:55:16.000Z","valid_from":"2026-04-17T02:55:16.000Z","name":"xsapz.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xsapz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044972938643079426"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--885f064d-1cea-550c-b252-7eb4136b5481","created":"2026-04-17T02:55:16.000Z","modified":"2026-04-17T02:55:16.000Z","valid_from":"2026-04-17T02:55:16.000Z","name":"http://xsapz.com/docu/sm.php","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xsapz.com/docu/sm.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2044972938643079426"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be4ef42e-ede6-58de-9d70-345bac0ba125","created":"2026-04-17T03:22:49.000Z","modified":"2026-04-17T03:22:49.000Z","valid_from":"2026-04-17T03:22:49.000Z","name":"b9l6kfqw.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'b9l6kfqw.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044979868472094825"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b6b9980-38a3-5029-a0ae-b979fda3a99f","created":"2026-04-17T03:22:49.000Z","modified":"2026-04-17T03:22:49.000Z","valid_from":"2026-04-17T03:22:49.000Z","name":"https://www.b9l6kfqw.shop/login","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.b9l6kfqw.shop/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2044979868472094825"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f8983d8-0d6e-5118-9c9b-e6e08b1dbcb2","created":"2026-04-17T03:37:10.000Z","modified":"2026-04-17T03:37:10.000Z","valid_from":"2026-04-17T03:37:10.000Z","name":"http://77.91.97.186/login.html","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://77.91.97.186/login.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044983483026518139"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2f6c458-ad6b-5273-a391-e4548eb5e45d","created":"2026-04-17T03:37:10.000Z","modified":"2026-04-17T03:37:10.000Z","valid_from":"2026-04-17T03:37:10.000Z","name":"77.91.97.186","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.91.97.186']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2044983483026518139"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6bfc3521-76a4-5a20-afcb-3eebc8caf93d","created":"2026-04-17T05:26:18.000Z","modified":"2026-04-17T05:26:18.000Z","valid_from":"2026-04-17T05:26:18.000Z","name":"op7yiekgumt7po6mjgii4uewrwjydx5vhpa6y5gv7glftmw5srbwnaid.onion","description":"IOC reported by @salmanvsf on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op7yiekgumt7po6mjgii4uewrwjydx5vhpa6y5gv7glftmw5srbwnaid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/salmanvsf/status/2045010946771608021"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ddab4fa-9c5a-51df-a266-a359f3ad6105","created":"2026-04-17T05:26:18.000Z","modified":"2026-04-17T05:26:18.000Z","valid_from":"2026-04-17T05:26:18.000Z","name":"http://op7yiekgumt7po6mjgii4uewrwjydx5vhpa6y5gv7glftmw5srbwnaid.onion","description":"IOC reported by @salmanvsf on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op7yiekgumt7po6mjgii4uewrwjydx5vhpa6y5gv7glftmw5srbwnaid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/salmanvsf/status/2045010946771608021"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b81cd4f9-485c-5f91-8cfd-f26f079a7d09","created":"2026-04-17T05:33:45.000Z","modified":"2026-04-17T05:33:45.000Z","valid_from":"2026-04-17T05:33:45.000Z","name":"45.61.157.149","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.61.157.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2045012821881278820"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc4e9ee5-1775-5d99-9fd0-e212dc166041","created":"2026-04-17T05:35:54.000Z","modified":"2026-04-17T05:35:54.000Z","valid_from":"2026-04-17T05:35:54.000Z","name":"https://storage.googleapis.com/opentokenaii","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://storage.googleapis.com/opentokenaii']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045013362820476967"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--abf0f599-c3e8-5c65-97e4-1b0e6f0ce84c","created":"2026-04-17T07:45:38.000Z","modified":"2026-04-17T07:45:38.000Z","valid_from":"2026-04-17T07:45:38.000Z","name":"31.200.249.233","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.200.249.233']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045046010771108004"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1285a039-e823-5e65-8413-43c8aae42d76","created":"2026-04-17T07:45:38.000Z","modified":"2026-04-17T07:45:38.000Z","valid_from":"2026-04-17T07:45:38.000Z","name":"185.16.215.140","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.16.215.140']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045046010771108004"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b8cc820-e967-5efc-9c2b-7f57f27ab38a","created":"2026-04-17T07:45:38.000Z","modified":"2026-04-17T07:45:38.000Z","valid_from":"2026-04-17T07:45:38.000Z","name":"185.16.215.189","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.16.215.189']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045046010771108004"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9753eb1b-4922-56d3-afe9-abf960c5f247","created":"2026-04-17T07:45:38.000Z","modified":"2026-04-17T07:45:38.000Z","valid_from":"2026-04-17T07:45:38.000Z","name":"217.145.227.15","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '217.145.227.15']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045046010771108004"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a45fe5b9-d287-5483-8524-93000380fe01","created":"2026-04-17T07:45:38.000Z","modified":"2026-04-17T07:45:38.000Z","valid_from":"2026-04-17T07:45:38.000Z","name":"31.200.249.244","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.200.249.244']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045046010771108004"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2c58edb-31e2-51ea-a013-0e456c5ec237","created":"2026-04-17T10:14:20.000Z","modified":"2026-04-17T10:14:20.000Z","valid_from":"2026-04-17T10:14:20.000Z","name":"allegro-lokalnie.998827gi.click","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegro-lokalnie.998827gi.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045083430803681779"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf344c10-6455-5708-91f3-c5bfa3236a68","created":"2026-04-17T10:14:20.000Z","modified":"2026-04-17T10:14:20.000Z","valid_from":"2026-04-17T10:14:20.000Z","name":"http://allegro-lokalnie.998827gi.click","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://allegro-lokalnie.998827gi.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045083430803681779"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c11a171-bb1e-5f18-824a-2809c0e086e9","created":"2026-04-17T10:55:47.000Z","modified":"2026-04-17T10:55:47.000Z","valid_from":"2026-04-17T10:55:47.000Z","name":"bb38b1a974547f77b8c59b7efdb5add8","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'bb38b1a974547f77b8c59b7efdb5add8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2045093863812112734"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed3a23e5-cbc6-56ca-a445-9e5af9bf9017","created":"2026-04-17T11:51:01.000Z","modified":"2026-04-17T11:51:01.000Z","valid_from":"2026-04-17T11:51:01.000Z","name":"https://t.co/yADmaotwFv","description":"IOC reported by @CyberTech_In on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.co/yADmaotwFv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/CyberTech_In/status/2045107762552820007"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--28dc9034-140c-5d5c-b471-8e1d7f220c98","created":"2026-04-17T11:58:39.000Z","modified":"2026-04-17T11:58:39.000Z","valid_from":"2026-04-17T11:58:39.000Z","name":"corporationusarydersysteminccapital.mcpcjiinc.vu","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'corporationusarydersysteminccapital.mcpcjiinc.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2045109684450083179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd5f659b-a54c-5a19-83a8-1ca4f439cdb1","created":"2026-04-17T11:58:39.000Z","modified":"2026-04-17T11:58:39.000Z","valid_from":"2026-04-17T11:58:39.000Z","name":"https://corporationusarydersysteminccapital.mcpcjiinc.vu","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://corporationusarydersysteminccapital.mcpcjiinc.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2045109684450083179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba32fd35-5be2-5eff-9388-4c624402af92","created":"2026-04-17T12:03:29.000Z","modified":"2026-04-17T12:03:29.000Z","valid_from":"2026-04-17T12:03:29.000Z","name":"66.198.225.125","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '66.198.225.125']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2045110901892886827"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac7b8f79-68ed-5ef2-8390-7dfc994ff5bb","created":"2026-04-17T12:33:02.000Z","modified":"2026-04-17T12:33:02.000Z","valid_from":"2026-04-17T12:33:02.000Z","name":"hyndoffr.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hyndoffr.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045118336384778331"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cec483e4-5fdc-5253-8090-79622f99ecc7","created":"2026-04-17T12:33:02.000Z","modified":"2026-04-17T12:33:02.000Z","valid_from":"2026-04-17T12:33:02.000Z","name":"http://hyndoffr.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hyndoffr.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045118336384778331"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a7e24cf-2392-5c62-997a-283ae85ed243","created":"2026-04-17T13:11:13.000Z","modified":"2026-04-17T13:11:13.000Z","valid_from":"2026-04-17T13:11:13.000Z","name":"223.123.73.167","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '223.123.73.167']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045127944226382030"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec9ed514-5ce0-594f-be20-9b2a6db0b415","created":"2026-04-17T13:16:55.000Z","modified":"2026-04-17T13:16:55.000Z","valid_from":"2026-04-17T13:16:55.000Z","name":"lifehabit.cfd","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lifehabit.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045129379689476465"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c097ffd4-b2f5-56d2-b834-6a813961e6f4","created":"2026-04-17T13:16:55.000Z","modified":"2026-04-17T13:16:55.000Z","valid_from":"2026-04-17T13:16:55.000Z","name":"https://www.lifehabit.cfd/lfMgYK","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.lifehabit.cfd/lfMgYK']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045129379689476465"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a38f58db-c0da-54b2-beb0-5b7b6ae64016","created":"2026-04-17T13:17:52.000Z","modified":"2026-04-17T13:17:52.000Z","valid_from":"2026-04-17T13:17:52.000Z","name":"visaphoto-secure.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'visaphoto-secure.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045129620295426127"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--82323124-4548-564c-8d46-4c9b2abd2dfe","created":"2026-04-17T13:17:52.000Z","modified":"2026-04-17T13:17:52.000Z","valid_from":"2026-04-17T13:17:52.000Z","name":"http://visaphoto-secure.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://visaphoto-secure.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045129620295426127"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1911e7f-3d86-5dbc-acf1-6db7dd22685f","created":"2026-04-17T13:50:26.000Z","modified":"2026-04-17T13:50:26.000Z","valid_from":"2026-04-17T13:50:26.000Z","name":"minsundheddigital.com","description":"IOC reported by @TeamDreier on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'minsundheddigital.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TeamDreier/status/2045137812907786352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3170c55e-1b73-5ccb-88c7-776a07812878","created":"2026-04-17T13:50:26.000Z","modified":"2026-04-17T13:50:26.000Z","valid_from":"2026-04-17T13:50:26.000Z","name":"https://minsundheddigital.com","description":"IOC reported by @TeamDreier on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://minsundheddigital.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TeamDreier/status/2045137812907786352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd214009-d622-5898-b940-10e469817b3c","created":"2026-04-17T14:12:36.000Z","modified":"2026-04-17T14:12:36.000Z","valid_from":"2026-04-17T14:12:36.000Z","name":"8.210.238.216","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.210.238.216']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045143394595344697"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8ff6192-9253-57a2-887a-b996ded8599f","created":"2026-04-17T14:12:36.000Z","modified":"2026-04-17T14:12:36.000Z","valid_from":"2026-04-17T14:12:36.000Z","name":"27.124.40.62","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.124.40.62']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045143394595344697"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--114459e8-a219-58c5-b0b7-186b5fb43943","created":"2026-04-17T14:12:36.000Z","modified":"2026-04-17T14:12:36.000Z","valid_from":"2026-04-17T14:12:36.000Z","name":"43.98.161.37","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.98.161.37']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045143394595344697"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e472494-ac2d-5698-bd88-e0e9bcb9a5c2","created":"2026-04-17T14:12:36.000Z","modified":"2026-04-17T14:12:36.000Z","valid_from":"2026-04-17T14:12:36.000Z","name":"43.229.114.154","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.229.114.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045143394595344697"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9dff151-d336-5c0d-bfb7-89f296bd7173","created":"2026-04-17T14:12:36.000Z","modified":"2026-04-17T14:12:36.000Z","valid_from":"2026-04-17T14:12:36.000Z","name":"47.84.22.116","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.84.22.116']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045143394595344697"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--08161728-fb2b-51d0-b7d7-8e957f54f4ad","created":"2026-04-17T14:47:16.000Z","modified":"2026-04-17T14:47:16.000Z","valid_from":"2026-04-17T14:47:16.000Z","name":"54.197.208.68","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '54.197.208.68']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2045152117929689110"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8d7ba41-a1b5-50b1-acbb-089f3bca1f23","created":"2026-04-17T15:10:00.000Z","modified":"2026-04-17T15:10:00.000Z","valid_from":"2026-04-17T15:10:00.000Z","name":"gwenet.org","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gwenet.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045157840071856623"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--396daef8-6b12-559c-bc4e-8ed17d360c4f","created":"2026-04-17T15:10:00.000Z","modified":"2026-04-17T15:10:00.000Z","valid_from":"2026-04-17T15:10:00.000Z","name":"http://www.gwenet.org/office","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://www.gwenet.org/office']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045157840071856623"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee99a4e0-fe95-5c83-b3f1-d4ed5ff8cd02","created":"2026-04-17T15:10:00.000Z","modified":"2026-04-17T15:10:00.000Z","valid_from":"2026-04-17T15:10:00.000Z","name":"66.175.58.9","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '66.175.58.9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045157840071856623"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1d7b344-3a4e-5bf7-bd3c-d7d6a336e895","created":"2026-04-17T15:30:01.000Z","modified":"2026-04-17T15:30:01.000Z","valid_from":"2026-04-17T15:30:01.000Z","name":"158.94.210.248","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '158.94.210.248']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2045162875702935701"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ff3050c-4a5d-579b-aece-79d37881763a","created":"2026-04-17T15:30:01.000Z","modified":"2026-04-17T15:30:01.000Z","valid_from":"2026-04-17T15:30:01.000Z","name":"185.224.215.252","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.224.215.252']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2045162875702935701"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9102ba9-5295-5981-bdae-d2aa320295cb","created":"2026-04-17T15:30:01.000Z","modified":"2026-04-17T15:30:01.000Z","valid_from":"2026-04-17T15:30:01.000Z","name":"91.92.241.160","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.241.160']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2045162875702935701"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26a1bf23-d5a3-5dee-9355-1e8ec4f1c350","created":"2026-04-17T15:30:01.000Z","modified":"2026-04-17T15:30:01.000Z","valid_from":"2026-04-17T15:30:01.000Z","name":"188.137.247.152","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '188.137.247.152']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2045162875702935701"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd9c935d-c4a8-5124-908e-358b26e9c0bf","created":"2026-04-17T16:12:27.000Z","modified":"2026-04-17T16:12:27.000Z","valid_from":"2026-04-17T16:12:27.000Z","name":"http://212.80.7.74","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://212.80.7.74']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2045173555210670188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7af80f12-4cba-5a27-bb7e-30223eb8484d","created":"2026-04-17T16:12:27.000Z","modified":"2026-04-17T16:12:27.000Z","valid_from":"2026-04-17T16:12:27.000Z","name":"stndrdbnk.cc","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'stndrdbnk.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2045173555210670188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--792c8bc5-2fcb-5e20-af58-43841e7fd7bb","created":"2026-04-17T16:12:27.000Z","modified":"2026-04-17T16:12:27.000Z","valid_from":"2026-04-17T16:12:27.000Z","name":"http://stndrdbnk.cc","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://stndrdbnk.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2045173555210670188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1a270fd-1ee3-5f87-8848-3f0ad63113e3","created":"2026-04-17T16:12:27.000Z","modified":"2026-04-17T16:12:27.000Z","valid_from":"2026-04-17T16:12:27.000Z","name":"212.80.7.74","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '212.80.7.74']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2045173555210670188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1051d5ec-3fe1-5a06-b30e-5cf558e74bc8","created":"2026-04-17T16:44:01.000Z","modified":"2026-04-17T16:44:01.000Z","valid_from":"2026-04-17T16:44:01.000Z","name":"66.85.46.67","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '66.85.46.67']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2045181497204764944"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf99f919-4cf1-54d1-a19d-349cd50b037b","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"eiigewdlgtj.auth-umblog70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eiigewdlgtj.auth-umblog70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--160799a3-a5ea-5f01-8469-e1245cfbdb55","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://eiigewdlgtj.auth-umblog70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eiigewdlgtj.auth-umblog70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41a86891-8f88-5cb3-b983-99b5751ca52a","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"aqazyjxhkiw.ntsvestigate.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aqazyjxhkiw.ntsvestigate.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec0d01ef-da29-51ee-a2d2-6eb409f23127","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://aqazyjxhkiw.ntsvestigate.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aqazyjxhkiw.ntsvestigate.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18ddf97c-a637-57d6-9d18-56eb7e7496b6","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"netinvoice.chposting7s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netinvoice.chposting7s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--723a9a48-e40b-5143-807e-8e8c5e32f328","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://netinvoice.chposting7s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://netinvoice.chposting7s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0adeb60-116f-5b96-9064-fdb22675cc14","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"ntha-3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntha-3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38f0d2da-8a2b-5a0e-b94a-10fd3f88ec78","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://ntha-3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntha-3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b018b7b8-5b6c-5f83-a2e1-6469e81d85fd","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"ntha-11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntha-11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46786896-ee85-5bb4-b042-74a363dfb665","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://ntha-11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntha-11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--177d56ea-23ae-521d-b941-623b6c4292c7","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"abusecenter.ntha-3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'abusecenter.ntha-3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b038ce8b-042f-5dfb-8136-ddebf993a3c9","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://abusecenter.ntha-3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://abusecenter.ntha-3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2e6dd71-1c03-5096-8c39-528c0ad598cb","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"nid.ntha-11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ntha-11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ceb05e1-98c0-5aee-9b34-a31346b0c4da","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://nid.ntha-11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ntha-11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ec4d23e-39a5-591c-8f42-325e53e3f636","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"nid.ntha-15s.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ntha-15s.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b725445-832f-5c4b-9e20-c231fc581d42","created":"2026-04-17T18:05:33.000Z","modified":"2026-04-17T18:05:33.000Z","valid_from":"2026-04-17T18:05:33.000Z","name":"http://nid.ntha-15s.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ntha-15s.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045202017875120258"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46993181-9f80-5a8c-9392-0189ec26b68c","created":"2026-04-17T19:02:46.000Z","modified":"2026-04-17T19:02:46.000Z","valid_from":"2026-04-17T19:02:46.000Z","name":"sharepoint-marubeniamerica-projectbck.pages.dev","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sharepoint-marubeniamerica-projectbck.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045216415922229546"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f73d20c-50a9-5a19-8171-244a2fc2b337","created":"2026-04-17T19:02:46.000Z","modified":"2026-04-17T19:02:46.000Z","valid_from":"2026-04-17T19:02:46.000Z","name":"http://sharepoint-marubeniamerica-projectbck.pages.dev","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sharepoint-marubeniamerica-projectbck.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045216415922229546"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3483c361-1bf2-5129-b7a0-1eb3fb502007","created":"2026-04-17T19:27:58.000Z","modified":"2026-04-17T19:27:58.000Z","valid_from":"2026-04-17T19:27:58.000Z","name":"https://193.219.28.148/packages/winsite/winxp/netutil/","description":"IOC reported by @JRoosen on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://193.219.28.148/packages/winsite/winxp/netutil/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JRoosen/status/2045222759358185663"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4531aecf-1d67-58f4-94ba-9500728fdb70","created":"2026-04-17T19:27:58.000Z","modified":"2026-04-17T19:27:58.000Z","valid_from":"2026-04-17T19:27:58.000Z","name":"193.219.28.148","description":"IOC reported by @JRoosen on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.219.28.148']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JRoosen/status/2045222759358185663"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67898f59-18e6-58a4-a50a-9a0f6e5e99fd","created":"2026-04-17T20:05:00.000Z","modified":"2026-04-17T20:05:00.000Z","valid_from":"2026-04-17T20:05:00.000Z","name":"http://146.56.206.82","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://146.56.206.82']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045232077277139143"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--19e15a5b-1040-5185-9963-59f9fef18912","created":"2026-04-17T20:05:00.000Z","modified":"2026-04-17T20:05:00.000Z","valid_from":"2026-04-17T20:05:00.000Z","name":"146.56.206.82","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '146.56.206.82']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045232077277139143"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1b2ea48-60b5-5829-95a0-789d22595162","created":"2026-04-17T20:34:03.000Z","modified":"2026-04-17T20:34:03.000Z","valid_from":"2026-04-17T20:34:03.000Z","name":"photo-vaultdocs.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'photo-vaultdocs.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045239389987463288"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd0b2155-eadd-52fa-aa35-6ba378c48d62","created":"2026-04-17T20:34:03.000Z","modified":"2026-04-17T20:34:03.000Z","valid_from":"2026-04-17T20:34:03.000Z","name":"http://photo-vaultdocs.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://photo-vaultdocs.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045239389987463288"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6671ae0-ffe5-551e-9f32-74924abd87ea","created":"2026-04-17T21:30:00.000Z","modified":"2026-04-17T21:30:00.000Z","valid_from":"2026-04-17T21:30:00.000Z","name":"incidenteslogisticos.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'incidenteslogisticos.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2045253468093317520"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--674f0cdf-2da9-58cf-9fad-4c742e2eeb5c","created":"2026-04-17T21:30:00.000Z","modified":"2026-04-17T21:30:00.000Z","valid_from":"2026-04-17T21:30:00.000Z","name":"https://incidenteslogisticos.site/login","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://incidenteslogisticos.site/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2045253468093317520"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a360f837-c032-5efd-8f1e-5033aa26a43f","created":"2026-04-17T22:37:49.000Z","modified":"2026-04-17T22:37:49.000Z","valid_from":"2026-04-17T22:37:49.000Z","name":"103.199.185.96","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '103.199.185.96']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045270535056056456"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c8e4178-d29c-518e-84ca-9d1caf4849dd","created":"2026-04-17T23:10:20.000Z","modified":"2026-04-17T23:10:20.000Z","valid_from":"2026-04-17T23:10:20.000Z","name":"http://110.37.44.250:33994/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://110.37.44.250:33994/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2045278718591995977"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7aafe007-3455-5436-8d3b-59453e24adc8","created":"2026-04-17T23:10:20.000Z","modified":"2026-04-17T23:10:20.000Z","valid_from":"2026-04-17T23:10:20.000Z","name":"110.37.44.250","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '110.37.44.250']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2045278718591995977"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--350941ff-9c24-5173-8d58-82aa64847b6f","created":"2026-04-18T06:12:56.000Z","modified":"2026-04-18T06:12:56.000Z","valid_from":"2026-04-18T06:12:56.000Z","name":"117.53.47.247","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '117.53.47.247']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2045385067695067529"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3dbf7bba-ba58-5dc8-8368-97bca0db571e","created":"2026-04-18T06:12:56.000Z","modified":"2026-04-18T06:12:56.000Z","valid_from":"2026-04-18T06:12:56.000Z","name":"666af211d57c35c445124d04554e84a3a21b76f063cde388c7553c61a44c0da7","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '666af211d57c35c445124d04554e84a3a21b76f063cde388c7553c61a44c0da7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2045385067695067529"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1d7b344-3a4e-5bf7-bd3c-d7d6a336e895","created":"2026-04-18T07:17:55.000Z","modified":"2026-04-18T07:17:55.000Z","valid_from":"2026-04-18T07:17:55.000Z","name":"158.94.210.248","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '158.94.210.248']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2045401420556628192"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ff3050c-4a5d-579b-aece-79d37881763a","created":"2026-04-18T07:17:55.000Z","modified":"2026-04-18T07:17:55.000Z","valid_from":"2026-04-18T07:17:55.000Z","name":"185.224.215.252","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.224.215.252']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2045401420556628192"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9102ba9-5295-5981-bdae-d2aa320295cb","created":"2026-04-18T07:17:55.000Z","modified":"2026-04-18T07:17:55.000Z","valid_from":"2026-04-18T07:17:55.000Z","name":"91.92.241.160","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.241.160']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2045401420556628192"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fbf50e6-aaee-5e4f-8267-9c219b02a24b","created":"2026-04-18T08:26:43.000Z","modified":"2026-04-18T08:26:43.000Z","valid_from":"2026-04-18T08:26:43.000Z","name":"pynomg.sa.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pynomg.sa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045418735071015209"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5908d71a-6dc9-520f-934c-884572673398","created":"2026-04-18T08:26:43.000Z","modified":"2026-04-18T08:26:43.000Z","valid_from":"2026-04-18T08:26:43.000Z","name":"http://pynomg.sa.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pynomg.sa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045418735071015209"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7f0725f-1383-5d5b-ba7f-73c4d8ef1d1f","created":"2026-04-18T08:26:43.000Z","modified":"2026-04-18T08:26:43.000Z","valid_from":"2026-04-18T08:26:43.000Z","name":"http://104.21.4.242:3306","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.4.242:3306']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045418735071015209"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f3b528b-ee30-5072-aecd-04eb4a2e761f","created":"2026-04-18T08:26:43.000Z","modified":"2026-04-18T08:26:43.000Z","valid_from":"2026-04-18T08:26:43.000Z","name":"http://172.67.187.60:3306","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.187.60:3306']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045418735071015209"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26ef7547-f70e-546a-8e76-30ecb5d397fb","created":"2026-04-18T09:28:48.000Z","modified":"2026-04-18T09:28:48.000Z","valid_from":"2026-04-18T09:28:48.000Z","name":"my-ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'my-ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045434358635299317"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--29dce6ad-6630-58fb-8f3f-c3539ec20ea0","created":"2026-04-18T09:28:48.000Z","modified":"2026-04-18T09:28:48.000Z","valid_from":"2026-04-18T09:28:48.000Z","name":"http://my-ledger.at/airtable0x","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://my-ledger.at/airtable0x']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045434358635299317"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff24d80f-cb35-5074-806d-e3c5cacb7a6b","created":"2026-04-18T09:28:48.000Z","modified":"2026-04-18T09:28:48.000Z","valid_from":"2026-04-18T09:28:48.000Z","name":"ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045434358635299317"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--615c24de-440c-548b-8081-61e04d7a2464","created":"2026-04-18T09:28:48.000Z","modified":"2026-04-18T09:28:48.000Z","valid_from":"2026-04-18T09:28:48.000Z","name":"http://ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045434358635299317"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f016a24-494b-53f4-9cf0-2a3e6cdb82dc","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"identify-ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'identify-ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb34f0fb-5b1c-5434-96b0-39636fe58621","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"http://identify-ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://identify-ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a33c1847-3056-5abb-861c-797feeca32e6","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"auth-ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'auth-ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f39d9252-f2f9-535e-84f0-0c677ca6151f","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"http://auth-ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://auth-ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d71f0d25-9515-5075-a94a-781342d4ea12","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"authy-ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'authy-ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a02243d-54cd-544b-a4b6-9b1e37bc2f59","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"http://authy-ledger.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://authy-ledger.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5716f45-2b7f-5e3d-b4cd-a46e7910b01e","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"authy-ledger.gl","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'authy-ledger.gl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--08eb9b6a-3c98-5166-9ec1-9811afbad328","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"http://authy-ledger.gl","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://authy-ledger.gl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--47043c74-014d-5cd0-bc69-3c8f9c0493e4","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"04-ledger.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '04-ledger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ed45e7f-2df5-5af6-a1a4-0b8582e0fc75","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"http://04-ledger.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://04-ledger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0db388f-2aad-5dcf-b8a3-a4424e2847de","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"05-ledger.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '05-ledger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cff7a23-b61d-518d-ba29-0117e317af1c","created":"2026-04-18T09:50:41.000Z","modified":"2026-04-18T09:50:41.000Z","valid_from":"2026-04-18T09:50:41.000Z","name":"http://05-ledger.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://05-ledger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045439868814184720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b2acbf2-d0fe-501c-90d9-4fb1a59b124d","created":"2026-04-18T10:02:10.000Z","modified":"2026-04-18T10:02:10.000Z","valid_from":"2026-04-18T10:02:10.000Z","name":"jiangxinstone.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jiangxinstone.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045442757997801929"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03f8419e-b3b0-5441-a8bb-0b4320c530e9","created":"2026-04-18T10:02:10.000Z","modified":"2026-04-18T10:02:10.000Z","valid_from":"2026-04-18T10:02:10.000Z","name":"https://www.jiangxinstone.com/index","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.jiangxinstone.com/index']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045442757997801929"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5245f5af-1432-56d0-bbbd-5035e1f8abb2","created":"2026-04-18T10:28:09.000Z","modified":"2026-04-18T10:28:09.000Z","valid_from":"2026-04-18T10:28:09.000Z","name":"e44d4b876b0e0bad1ecf401980ac4ffd","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'e44d4b876b0e0bad1ecf401980ac4ffd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2045449296871321937"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ad29511-8a0d-5043-9a3f-643719f824cf","created":"2026-04-18T10:28:09.000Z","modified":"2026-04-18T10:28:09.000Z","valid_from":"2026-04-18T10:28:09.000Z","name":"351d7789895ef1559ea7d6fe5db97f13","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '351d7789895ef1559ea7d6fe5db97f13']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2045449296871321937"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--941c75bd-4468-509f-812a-dddfe169f269","created":"2026-04-18T11:18:14.000Z","modified":"2026-04-18T11:18:14.000Z","valid_from":"2026-04-18T11:18:14.000Z","name":"http://144.31.236.60/dl/install.msi","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.31.236.60/dl/install.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045461899064594684"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b70b14d4-ad81-5808-84e9-f7d431fcffa6","created":"2026-04-18T11:18:14.000Z","modified":"2026-04-18T11:18:14.000Z","valid_from":"2026-04-18T11:18:14.000Z","name":"hongkongplazaworks.top","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hongkongplazaworks.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045461899064594684"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa9eb240-5fd9-529a-80bc-3c60282c0c95","created":"2026-04-18T11:18:14.000Z","modified":"2026-04-18T11:18:14.000Z","valid_from":"2026-04-18T11:18:14.000Z","name":"http://hongkongplazaworks.top","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hongkongplazaworks.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045461899064594684"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc4d90a3-2b7b-55a6-a1c5-859fb3704d2d","created":"2026-04-18T11:18:14.000Z","modified":"2026-04-18T11:18:14.000Z","valid_from":"2026-04-18T11:18:14.000Z","name":"144.31.236.60","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.31.236.60']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045461899064594684"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a053101b-7cdf-51e1-983f-ab37ef68f13b","created":"2026-04-18T11:26:34.000Z","modified":"2026-04-18T11:26:34.000Z","valid_from":"2026-04-18T11:26:34.000Z","name":"browseruphelp.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'browseruphelp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045463996434665913"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e67131f0-c92c-5f0b-be22-f73ea68c9122","created":"2026-04-18T11:26:34.000Z","modified":"2026-04-18T11:26:34.000Z","valid_from":"2026-04-18T11:26:34.000Z","name":"http://browseruphelp.com/en/verification","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://browseruphelp.com/en/verification']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045463996434665913"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--805ee4b1-0f3d-56d9-b2aa-61d2e26c9bae","created":"2026-04-18T13:29:34.000Z","modified":"2026-04-18T13:29:34.000Z","valid_from":"2026-04-18T13:29:34.000Z","name":"wpscdn.vip","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wpscdn.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045494950750531957"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ced09031-fb06-5ec5-9872-5de87837a4ed","created":"2026-04-18T13:29:34.000Z","modified":"2026-04-18T13:29:34.000Z","valid_from":"2026-04-18T13:29:34.000Z","name":"http://wpscdn.vip","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wpscdn.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045494950750531957"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc6d64ef-0a0b-59e0-8c55-926ef19b91bd","created":"2026-04-18T13:57:23.000Z","modified":"2026-04-18T13:57:23.000Z","valid_from":"2026-04-18T13:57:23.000Z","name":"http://94.232.46.16","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.232.46.16']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2045501950280540217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7cfa10c-bcae-54fb-ade3-9be66b41a830","created":"2026-04-18T13:57:53.000Z","modified":"2026-04-18T13:57:53.000Z","valid_from":"2026-04-18T13:57:53.000Z","name":"33dacf9f854f636216e5062ca252df8e5bed652efd78b86512f5b868b11ee70f","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '33dacf9f854f636216e5062ca252df8e5bed652efd78b86512f5b868b11ee70f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045502079452532827"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6cf2ccc-9f5d-55ab-85de-f0f2fa38d559","created":"2026-04-18T13:58:46.000Z","modified":"2026-04-18T13:58:46.000Z","valid_from":"2026-04-18T13:58:46.000Z","name":"zloapbikahy23.bond","description":"IOC reported by @marsomx_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zloapbikahy23.bond']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/marsomx_/status/2045502301788348910"}],"labels":["Vidar"]},{"type":"indicator","spec_version":"2.1","id":"indicator--feb4dafe-e8d7-50d1-94d8-3dc93298ad51","created":"2026-04-18T13:58:46.000Z","modified":"2026-04-18T13:58:46.000Z","valid_from":"2026-04-18T13:58:46.000Z","name":"http://zloapbikahy23.bond","description":"IOC reported by @marsomx_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://zloapbikahy23.bond']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/marsomx_/status/2045502301788348910"}],"labels":["Vidar"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49c6421a-8488-5b8b-9e94-0ecaaf073a75","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"rabby.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rabby.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--623deae5-befd-5a1d-a496-7593d8703da6","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"http://rabby.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rabby.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e468c42-e529-5bd4-9c3f-45fb91ff0f33","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"rabby.net-sys.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rabby.net-sys.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--befda2c2-e783-5921-8a6d-974fdbbea70c","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"http://rabby.net-sys.at","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rabby.net-sys.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71b84fb8-c481-581c-b63f-ec11e7efb3af","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"r\u00e0bby.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'r\u00e0bby.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45f35fd4-4a97-5de6-8bdc-51bf52da2d3a","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"http://r\u00e0bby.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r\u00e0bby.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ec4364c-ccb4-5b25-89bf-28131c921361","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"rabby-web.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rabby-web.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc68cd76-30e2-5804-8707-2c953db5f92b","created":"2026-04-18T14:14:40.000Z","modified":"2026-04-18T14:14:40.000Z","valid_from":"2026-04-18T14:14:40.000Z","name":"http://rabby-web.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rabby-web.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045506300197401031"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8831ca28-4baa-5062-bafc-cd88a8f38311","created":"2026-04-18T14:19:32.000Z","modified":"2026-04-18T14:19:32.000Z","valid_from":"2026-04-18T14:19:32.000Z","name":"http://94.232.40.169","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.232.40.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045507525659758780"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--55cb2daa-3300-52c9-abbe-ecbd2f82dc58","created":"2026-04-18T14:19:32.000Z","modified":"2026-04-18T14:19:32.000Z","valid_from":"2026-04-18T14:19:32.000Z","name":"94.232.40.169","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.232.40.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045507525659758780"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8591f0b4-b70b-5426-b6af-ec575d7a54a0","created":"2026-04-18T14:22:53.000Z","modified":"2026-04-18T14:22:53.000Z","valid_from":"2026-04-18T14:22:53.000Z","name":"16c69532d7fb0360ca18376339e05196fe8f4f0ccad7ae13eefe453f893e61fd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '16c69532d7fb0360ca18376339e05196fe8f4f0ccad7ae13eefe453f893e61fd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045508369163690115"}],"labels":["APT","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae62e799-b477-57b1-b393-280efc08de9b","created":"2026-04-18T14:59:42.000Z","modified":"2026-04-18T14:59:42.000Z","valid_from":"2026-04-18T14:59:42.000Z","name":"g54hgtrg-ccc2-ff500.sfo3.digitaloceanspaces.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'g54hgtrg-ccc2-ff500.sfo3.digitaloceanspaces.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045517633232007195"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a41c1d4-d101-5d74-b47c-836f03b4c24b","created":"2026-04-18T14:59:42.000Z","modified":"2026-04-18T14:59:42.000Z","valid_from":"2026-04-18T14:59:42.000Z","name":"http://g54hgtrg-ccc2-ff500.sfo3.digitaloceanspaces.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g54hgtrg-ccc2-ff500.sfo3.digitaloceanspaces.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045517633232007195"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f25bab6f-99f4-5fed-b020-3ac74b02563f","created":"2026-04-18T18:39:15.000Z","modified":"2026-04-18T18:39:15.000Z","valid_from":"2026-04-18T18:39:15.000Z","name":"154.16.170.58","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '154.16.170.58']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2045572886786658605"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23dd120f-f2c7-5b3f-9d46-234a34ad1ca6","created":"2026-04-18T18:47:53.000Z","modified":"2026-04-18T18:47:53.000Z","valid_from":"2026-04-18T18:47:53.000Z","name":"ukrguard.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ukrguard.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045575057498345545"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0d563f8-d2fd-5692-bdda-9d5a5a185835","created":"2026-04-18T18:47:53.000Z","modified":"2026-04-18T18:47:53.000Z","valid_from":"2026-04-18T18:47:53.000Z","name":"https://ukrguard.org/proposal/","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ukrguard.org/proposal/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045575057498345545"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4676e1c-a029-58bd-a516-5f1208d0d892","created":"2026-04-18T18:51:20.000Z","modified":"2026-04-18T18:51:20.000Z","valid_from":"2026-04-18T18:51:20.000Z","name":"http://105.158.193.79:58038/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://105.158.193.79:58038/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2045575926486847738"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e91405f-6a37-5299-9c60-85d6cb4cb6e2","created":"2026-04-18T18:51:20.000Z","modified":"2026-04-18T18:51:20.000Z","valid_from":"2026-04-18T18:51:20.000Z","name":"105.158.193.79","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '105.158.193.79']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2045575926486847738"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cef84cf1-67d0-512e-9be0-c0838acddb6f","created":"2026-04-18T18:58:53.000Z","modified":"2026-04-18T18:58:53.000Z","valid_from":"2026-04-18T18:58:53.000Z","name":"https://ukrguard.org/proposal/proposal.hta","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ukrguard.org/proposal/proposal.hta']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045577825600573807"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2104042c-2c3b-5ed3-b9ee-77bc3c28eeb0","created":"2026-04-18T19:03:53.000Z","modified":"2026-04-18T19:03:53.000Z","valid_from":"2026-04-18T19:03:53.000Z","name":"185.211.100.50","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.211.100.50']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2045579083267068122"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb84c478-ffa9-5cd1-81f0-9a0d7d5cc720","created":"2026-04-18T21:16:33.000Z","modified":"2026-04-18T21:16:33.000Z","valid_from":"2026-04-18T21:16:33.000Z","name":"ledger.updates-2026.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ledger.updates-2026.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045612471952576740"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a222cc7-e272-5692-a974-327d1034b6a6","created":"2026-04-18T21:16:33.000Z","modified":"2026-04-18T21:16:33.000Z","valid_from":"2026-04-18T21:16:33.000Z","name":"http://ledger.updates-2026.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ledger.updates-2026.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045612471952576740"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5787cf1-7a65-5e4d-93a7-325b7153fdb9","created":"2026-04-18T21:39:55.000Z","modified":"2026-04-18T21:39:55.000Z","valid_from":"2026-04-18T21:39:55.000Z","name":"heliosup.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'heliosup.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045618350131171824"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebbd60dd-4869-5b1c-8461-23449080fda9","created":"2026-04-18T21:39:55.000Z","modified":"2026-04-18T21:39:55.000Z","valid_from":"2026-04-18T21:39:55.000Z","name":"http://heliosup.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://heliosup.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045618350131171824"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b66a240-7599-5197-acd2-dc06668975e0","created":"2026-04-18T21:52:30.000Z","modified":"2026-04-18T21:52:30.000Z","valid_from":"2026-04-18T21:52:30.000Z","name":"https://raw.githubusercontent.com/phishdestroy/destroylist/main/rootlist/formats/community/hosts.txt","description":"IOC reported by @medsci_yb3r on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://raw.githubusercontent.com/phishdestroy/destroylist/main/rootlist/formats/community/hosts.txt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/medsci_yb3r/status/2045621517577581027"}],"labels":["Kimsuky","Vidar"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e569d7cb-d1bc-5c39-ad70-d5ee072117d1","created":"2026-04-18T22:49:40.000Z","modified":"2026-04-18T22:49:40.000Z","valid_from":"2026-04-18T22:49:40.000Z","name":"instance-jtyhkb-relay.screenconnect.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'instance-jtyhkb-relay.screenconnect.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045635906502000751"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b613f4d-8ae9-52f6-95bf-531cd4b6b884","created":"2026-04-18T22:49:40.000Z","modified":"2026-04-18T22:49:40.000Z","valid_from":"2026-04-18T22:49:40.000Z","name":"http://instance-jtyhkb-relay.screenconnect.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://instance-jtyhkb-relay.screenconnect.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2045635906502000751"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--781e4bba-2235-58cb-a205-7f7b54105e04","created":"2026-04-19T02:36:14.000Z","modified":"2026-04-19T02:36:14.000Z","valid_from":"2026-04-19T02:36:14.000Z","name":"allegro-lokalnie.299328g74.lol","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegro-lokalnie.299328g74.lol']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045692922520121462"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--854e945d-780a-5857-a082-50a10c413020","created":"2026-04-19T02:36:14.000Z","modified":"2026-04-19T02:36:14.000Z","valid_from":"2026-04-19T02:36:14.000Z","name":"https://allegro-lokalnie.299328g74.lol","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://allegro-lokalnie.299328g74.lol']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045692922520121462"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fbde870-5437-59a7-aef7-7f9dd7c10037","created":"2026-04-19T05:53:16.000Z","modified":"2026-04-19T05:53:16.000Z","valid_from":"2026-04-19T05:53:16.000Z","name":"macsupp-usb.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'macsupp-usb.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045742506017738876"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cdfd6ed-c098-5dbb-994c-087c040c2359","created":"2026-04-19T05:53:16.000Z","modified":"2026-04-19T05:53:16.000Z","valid_from":"2026-04-19T05:53:16.000Z","name":"http://macsupp-usb.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://macsupp-usb.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045742506017738876"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--649ac9b2-9ab1-5265-a3f0-9d96bd1f9ed7","created":"2026-04-19T05:53:16.000Z","modified":"2026-04-19T05:53:16.000Z","valid_from":"2026-04-19T05:53:16.000Z","name":"arkypc.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arkypc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045742506017738876"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71d16e4d-3d39-57f4-93f7-7fc35934ee0c","created":"2026-04-19T05:53:16.000Z","modified":"2026-04-19T05:53:16.000Z","valid_from":"2026-04-19T05:53:16.000Z","name":"http://arkypc.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arkypc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2045742506017738876"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f374732b-5eab-5a3f-b6a2-e371a80cd5fe","created":"2026-04-19T10:58:06.000Z","modified":"2026-04-19T10:58:06.000Z","valid_from":"2026-04-19T10:58:06.000Z","name":"AnchorWallet.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'AnchorWallet.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045819219229470878"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ace4fcd-2765-5b82-9c28-870b4fa75410","created":"2026-04-19T10:58:06.000Z","modified":"2026-04-19T10:58:06.000Z","valid_from":"2026-04-19T10:58:06.000Z","name":"http://AnchorWallet.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://AnchorWallet.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045819219229470878"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--89b82240-f230-52f5-a84c-f19a33bf345b","created":"2026-04-19T10:58:06.000Z","modified":"2026-04-19T10:58:06.000Z","valid_from":"2026-04-19T10:58:06.000Z","name":"Greymass.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Greymass.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045819219229470878"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--336f62e4-db90-5747-aeca-147675e12567","created":"2026-04-19T10:58:06.000Z","modified":"2026-04-19T10:58:06.000Z","valid_from":"2026-04-19T10:58:06.000Z","name":"http://Greymass.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Greymass.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045819219229470878"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3750907-009e-5df6-a232-d31bcffd72d4","created":"2026-04-19T14:09:20.000Z","modified":"2026-04-19T14:09:20.000Z","valid_from":"2026-04-19T14:09:20.000Z","name":"http://176.65.134.19/o","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://176.65.134.19/o']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2045867346846220787"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--63e57c7f-ee3b-5c4e-bd56-d358131f5638","created":"2026-04-19T14:09:20.000Z","modified":"2026-04-19T14:09:20.000Z","valid_from":"2026-04-19T14:09:20.000Z","name":"193.142.146.230","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.142.146.230']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2045867346846220787"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--881bc725-c5d8-5cc8-8d9f-ad93b3f4c797","created":"2026-04-19T14:09:20.000Z","modified":"2026-04-19T14:09:20.000Z","valid_from":"2026-04-19T14:09:20.000Z","name":"176.65.134.19","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.65.134.19']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2045867346846220787"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4d48b46-cc11-579e-9c0e-92fad3dd4aab","created":"2026-04-19T14:49:23.000Z","modified":"2026-04-19T14:49:23.000Z","valid_from":"2026-04-19T14:49:23.000Z","name":"societegeneraleturkiye.org","description":"IOC reported by @Alopsis on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'societegeneraleturkiye.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Alopsis/status/2045877426496868710"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6386826b-68c1-5330-8683-06c64cca8bd3","created":"2026-04-19T14:49:23.000Z","modified":"2026-04-19T14:49:23.000Z","valid_from":"2026-04-19T14:49:23.000Z","name":"https://societegeneraleturkiye.org/index.php","description":"IOC reported by @Alopsis on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://societegeneraleturkiye.org/index.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Alopsis/status/2045877426496868710"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11a29d70-2c9b-5d21-bd26-fecaf1c2d15f","created":"2026-04-19T15:02:01.000Z","modified":"2026-04-19T15:02:01.000Z","valid_from":"2026-04-19T15:02:01.000Z","name":"dragoservers.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dragoservers.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2045880604630118862"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eaa287ba-5f16-53e8-967c-9e9b45d84b6f","created":"2026-04-19T15:02:01.000Z","modified":"2026-04-19T15:02:01.000Z","valid_from":"2026-04-19T15:02:01.000Z","name":"http://dragoservers.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dragoservers.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2045880604630118862"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a5dd2fb-a7d7-5bb9-bdb0-93b56c83d1c3","created":"2026-04-19T16:24:50.000Z","modified":"2026-04-19T16:24:50.000Z","valid_from":"2026-04-19T16:24:50.000Z","name":"shortu.be","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'shortu.be']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045901445220778247"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9847825a-5682-52cc-95cb-a234d03f694b","created":"2026-04-19T16:24:50.000Z","modified":"2026-04-19T16:24:50.000Z","valid_from":"2026-04-19T16:24:50.000Z","name":"https://shortu.be/03cdbc","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://shortu.be/03cdbc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2045901445220778247"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ff4121f-c77c-5824-a69a-446c94d80ac7","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"yzwtz.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yzwtz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6530927e-6c5d-5629-98d8-5c02f50309ce","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"http://yzwtz.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://yzwtz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f657ee9a-59e8-5bc5-b660-ae58be8a4375","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"cogot.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cogot.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4cb4d43c-d335-5cb8-92ea-0398132d16a4","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"http://cogot.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cogot.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ce0899f-7b9a-56ef-8239-ffdf83632a19","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"techsavys.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'techsavys.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9acf2e0-6c6b-5750-9348-198d4181fdf5","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"http://techsavys.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://techsavys.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a4da43e-4899-5e37-afb5-639391add912","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"finance-ls.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'finance-ls.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03d3a55b-9b05-5b66-b2bf-d3c5665eec22","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"http://finance-ls.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://finance-ls.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1768714f-a12e-55e9-ad29-85644fe37de8","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"finance-ls.cash-survvey.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'finance-ls.cash-survvey.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9556c656-ac7d-55df-94ff-529103709021","created":"2026-04-19T17:01:50.000Z","modified":"2026-04-19T17:01:50.000Z","valid_from":"2026-04-19T17:01:50.000Z","name":"http://finance-ls.cash-survvey.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://finance-ls.cash-survvey.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2045910756626178310"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bf57b2c-7f45-54c8-9948-c4195353ada2","created":"2026-04-19T17:54:54.000Z","modified":"2026-04-19T17:54:54.000Z","valid_from":"2026-04-19T17:54:54.000Z","name":"carpautos.com","description":"IOC reported by @Dkavalanche on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'carpautos.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Dkavalanche/status/2045924110673248582"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e17e2c65-8294-5e14-91e5-dea7f3645af1","created":"2026-04-19T17:54:54.000Z","modified":"2026-04-19T17:54:54.000Z","valid_from":"2026-04-19T17:54:54.000Z","name":"https://www.carpautos.com/ar/?utm_source=remarkety&utm_medium=email&utm_campaign=Welcome%","description":"IOC reported by @Dkavalanche on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.carpautos.com/ar/?utm_source=remarkety&utm_medium=email&utm_campaign=Welcome%']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Dkavalanche/status/2045924110673248582"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52f92331-ac2a-53bd-842d-02cedadc15ef","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"ns17ios.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ns17ios.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e85a766a-a450-5a4b-8d63-37f0a1078fc2","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://ns17ios.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ns17ios.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a00a98a-97da-5b06-af2d-b06faf035a75","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"n-store.ns17ios.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-store.ns17ios.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ed31597-9d82-5c5b-b8f9-43db549ad0c9","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://n-store.ns17ios.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-store.ns17ios.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fc5bd04-0787-51c6-9ba2-4d5c68d3c138","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"iec11px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iec11px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--468ab44c-7211-5585-ad0f-e8fd7ff823c4","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://iec11px.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iec11px.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4644f0cf-5176-5e5b-b75a-a34cc603dae8","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"n-cloud.nos37ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-cloud.nos37ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41ac7073-7569-5c58-802d-a1cd832c6e4a","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://n-cloud.nos37ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-cloud.nos37ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57d380bf-6588-5c22-a40f-b61568a676af","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"mts2op.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mts2op.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b195ecb4-d75b-549e-abf2-f737ced1f6ec","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://mts2op.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mts2op.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb3161af-de49-586b-9293-e25e9a6f9376","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"nos37ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nos37ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--578f0350-d201-51c3-9714-a8967b91300d","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://nos37ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nos37ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd44ca9a-4e64-5dd3-8bec-535993cc676b","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"nid-user.nos37ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-user.nos37ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9f30839-d36f-5bff-a13e-a545a35a49ae","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://nid-user.nos37ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-user.nos37ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--270523cc-5d37-55e2-893f-7edabf043ea4","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"nos35ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nos35ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05e787b7-f755-527f-afe3-c3fa036850d5","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://nos35ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nos35ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac54dbad-0e15-5e8d-841c-c7c2a622676b","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"nos36ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nos36ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81426dee-7509-564f-b0ed-b7cdefb6e9fa","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://nos36ips.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nos36ips.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdc4c34e-003c-50ad-a7d0-e5437b59fa14","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"nos34ips.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nos34ips.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f03ec78a-a41d-5b4e-9967-266be077277d","created":"2026-04-19T20:31:55.000Z","modified":"2026-04-19T20:31:55.000Z","valid_from":"2026-04-19T20:31:55.000Z","name":"http://nos34ips.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nos34ips.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045963626901897341"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5bfc804-413e-5201-9634-7addd60e5228","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"ntv.support","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntv.support']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--799e101c-d7c6-53c4-95e1-72441aea993f","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://ntv.support","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntv.support']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e201337-e14d-5ba2-920a-10a9ffa2c814","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"telstraaccount.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'telstraaccount.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ddce63d-c39e-5bc7-aeb2-463863d485ce","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://telstraaccount.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://telstraaccount.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--24684974-3b1c-58e0-8989-64ffab3145fa","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"iyogi.ca","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iyogi.ca']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e11ed8ce-83ab-5c48-8af6-4106fab79dc6","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://iyogi.ca","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iyogi.ca']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--28c5c224-9711-5b9a-842f-987c2ef4c88f","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"ec2-54-177-189-169.us-west-1.compute.amazonaws.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ec2-54-177-189-169.us-west-1.compute.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--64efb335-0281-5b8b-af53-893501eccd0e","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://ec2-54-177-189-169.us-west-1.compute.amazonaws.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ec2-54-177-189-169.us-west-1.compute.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--71cd72a1-e11c-5510-874f-517529397295","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"gpsupdate.support","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gpsupdate.support']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--31e846f9-8e34-58da-b64d-03dfe32541d1","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://gpsupdate.support","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gpsupdate.support']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--478c12f8-f9ef-53e7-bb26-c73de0b1199e","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"thenextosoft.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'thenextosoft.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fab9cc8a-ec28-519f-9120-eb128a3294af","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://thenextosoft.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://thenextosoft.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e782c669-3af7-51d7-bfa7-cbcf139b03cd","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"clamxavaccount.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'clamxavaccount.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3adea385-ae2e-5069-aeda-4bc0654dabef","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://clamxavaccount.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://clamxavaccount.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--03b6b1ab-9802-5477-955e-53ef541af782","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"howtocancelfubotv.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'howtocancelfubotv.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7243c614-9568-5cc0-94a8-f5e0ce5285ac","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://howtocancelfubotv.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://howtocancelfubotv.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2bc4b21-e316-58b0-864f-2552aa2ddd33","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"totaldefensesystems.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'totaldefensesystems.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--35d70ba5-71a1-564c-9b74-5e0540eb4460","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://totaldefensesystems.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://totaldefensesystems.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b81157a-2e50-56df-a76a-dc3209b38293","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"totaldefenceaccount.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'totaldefenceaccount.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe6749ae-a364-5c97-af2c-8940daea5eae","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://totaldefenceaccount.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://totaldefenceaccount.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8c72ac8-70c0-52ff-bbae-dff2992b21aa","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"mywifiisnotworking.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mywifiisnotworking.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b652a44-7cd3-5d39-996e-1bd5c43317bb","created":"2026-04-19T20:41:58.000Z","modified":"2026-04-19T20:41:58.000Z","valid_from":"2026-04-19T20:41:58.000Z","name":"http://mywifiisnotworking.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mywifiisnotworking.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045966154842439694"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4de7f1b-1c17-589f-b71c-58b08ef9c295","created":"2026-04-19T21:29:17.000Z","modified":"2026-04-19T21:29:17.000Z","valid_from":"2026-04-19T21:29:17.000Z","name":"context.inc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'context.inc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045978064799031625"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fb33ee9-a521-568c-bb95-47b9239968dc","created":"2026-04-19T21:29:17.000Z","modified":"2026-04-19T21:29:17.000Z","valid_from":"2026-04-19T21:29:17.000Z","name":"https://context.inc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://context.inc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045978064799031625"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4a5de6e-0d15-5168-94dd-60e9c262f6c0","created":"2026-04-19T21:29:17.000Z","modified":"2026-04-19T21:29:17.000Z","valid_from":"2026-04-19T21:29:17.000Z","name":"http://context.inc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://context.inc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2045978064799031625"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--504660d4-011f-51df-a657-6f323155822e","created":"2026-04-20T01:11:54.000Z","modified":"2026-04-20T01:11:54.000Z","valid_from":"2026-04-20T01:11:54.000Z","name":"https://whatswrongwithmybathroom.com/captcha/go/c358b5c582fdd7d5631e9d882b2b2125","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://whatswrongwithmybathroom.com/captcha/go/c358b5c582fdd7d5631e9d882b2b2125']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034088868692010"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ddfb174-2ee2-5bb0-b10d-dfa05c93cba2","created":"2026-04-20T01:11:54.000Z","modified":"2026-04-20T01:11:54.000Z","valid_from":"2026-04-20T01:11:54.000Z","name":"https://whatswrongwithmybathroom.com/s/tmddypltug","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://whatswrongwithmybathroom.com/s/tmddypltug']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034086972813738"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38063700-8bff-59f4-8172-0a661a2ea390","created":"2026-04-20T01:11:54.000Z","modified":"2026-04-20T01:11:54.000Z","valid_from":"2026-04-20T01:11:54.000Z","name":"34.180.74.27","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.180.74.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034086972813738"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6eba194-f32f-5ce8-bd8b-b9aad05ad3ae","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"whatswrongwithmybathroom.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'whatswrongwithmybathroom.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034462040117751"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--425e3f53-bb0e-5d6a-a395-28bbc9af89db","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"https://whatswrongwithmybathroom.com/captcha/go/d9ec31c7e2c7d7880db722308a2cfd3b","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://whatswrongwithmybathroom.com/captcha/go/d9ec31c7e2c7d7880db722308a2cfd3b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034462040117751"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff75f9ba-a09e-584a-9b9b-2ff2825250ee","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"rhiszfpgzpleb.top","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rhiszfpgzpleb.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034462040117751"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb9ec1b8-28e3-5ff4-8b12-5bb5f36ca966","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"https://rhiszfpgzpleb.top/jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rhiszfpgzpleb.top/jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034462040117751"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d65e37f-d6a0-5edd-875a-e63da397fc8a","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"47.79.0.71","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.79.0.71']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034462040117751"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9aa5de30-a09e-5389-b539-33af1e032a9b","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"https://whatswrongwithmybathroom.com/s/eflumvfvol","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://whatswrongwithmybathroom.com/s/eflumvfvol']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034460123234559"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab31bb5e-9deb-5a56-9c8d-ae7a43179ba2","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"34.146.118.157","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.146.118.157']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034460123234559"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7415361b-f45d-51f0-bbbc-8c8adc048ebd","created":"2026-04-20T01:13:23.000Z","modified":"2026-04-20T01:13:23.000Z","valid_from":"2026-04-20T01:13:23.000Z","name":"101.32.97.203","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '101.32.97.203']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046034460123234559"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6d32f89-eb71-5d0a-bc44-4b438c66c7c1","created":"2026-04-20T01:45:41.000Z","modified":"2026-04-20T01:45:41.000Z","valid_from":"2026-04-20T01:45:41.000Z","name":"qr.paypay.ne.jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qr.paypay.ne.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046042587434545204"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d18942f8-640b-54df-b3dc-5dd8e996a027","created":"2026-04-20T01:45:41.000Z","modified":"2026-04-20T01:45:41.000Z","valid_from":"2026-04-20T01:45:41.000Z","name":"https://qr.paypay.ne.jp/p2p01_N5S5brwcxezzNSnU","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qr.paypay.ne.jp/p2p01_N5S5brwcxezzNSnU']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046042587434545204"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2aa1cbb5-bee6-585b-90e1-b439ecf86149","created":"2026-04-20T01:45:41.000Z","modified":"2026-04-20T01:45:41.000Z","valid_from":"2026-04-20T01:45:41.000Z","name":"206.180.146.184","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '206.180.146.184']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046042587434545204"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--637914f5-7718-5d6c-a770-a8b51e861a65","created":"2026-04-20T01:45:41.000Z","modified":"2026-04-20T01:45:41.000Z","valid_from":"2026-04-20T01:45:41.000Z","name":"3.164.143.129","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '3.164.143.129']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046042587434545204"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38a4a81c-097e-5937-ad89-23f40a555b53","created":"2026-04-20T01:50:15.000Z","modified":"2026-04-20T01:50:15.000Z","valid_from":"2026-04-20T01:50:15.000Z","name":"hydrothermalconvection.cfd","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hydrothermalconvection.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046043737252614171"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--13536f8a-ad45-5534-af53-5ba9575378e9","created":"2026-04-20T01:50:15.000Z","modified":"2026-04-20T01:50:15.000Z","valid_from":"2026-04-20T01:50:15.000Z","name":"https://www.hydrothermalconvection.cfd/rn7xIs","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.hydrothermalconvection.cfd/rn7xIs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046043737252614171"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eaf0e654-ff61-5d5d-8f98-5387580117b6","created":"2026-04-20T01:52:24.000Z","modified":"2026-04-20T01:52:24.000Z","valid_from":"2026-04-20T01:52:24.000Z","name":"kekcoklat.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kekcoklat.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044280737988677"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4233fc1b-e1f1-5dcf-98f9-5a916d6d3a01","created":"2026-04-20T01:52:24.000Z","modified":"2026-04-20T01:52:24.000Z","valid_from":"2026-04-20T01:52:24.000Z","name":"https://kekcoklat.com/s/wkbrszgrqz","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://kekcoklat.com/s/wkbrszgrqz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044280737988677"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e3bbc27-7ec1-54fe-800b-2dc727aff7e4","created":"2026-04-20T01:52:24.000Z","modified":"2026-04-20T01:52:24.000Z","valid_from":"2026-04-20T01:52:24.000Z","name":"34.180.88.108","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.180.88.108']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044280737988677"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7575772e-a827-594a-a5d9-1aa0f0cb6fb1","created":"2026-04-20T01:53:20.000Z","modified":"2026-04-20T01:53:20.000Z","valid_from":"2026-04-20T01:53:20.000Z","name":"xiexinbin.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xiexinbin.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044512519344208"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5654f490-876d-520a-b929-8e8fe4e8a404","created":"2026-04-20T01:53:20.000Z","modified":"2026-04-20T01:53:20.000Z","valid_from":"2026-04-20T01:53:20.000Z","name":"https://xiexinbin.com/s/jxmnstiscj","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://xiexinbin.com/s/jxmnstiscj']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044512519344208"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37d8a3aa-de1c-5643-af81-2e10bc84090c","created":"2026-04-20T01:53:20.000Z","modified":"2026-04-20T01:53:20.000Z","valid_from":"2026-04-20T01:53:20.000Z","name":"ijudyob.top","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ijudyob.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044512519344208"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d9c4026-c962-518d-9e44-5273864b90e9","created":"2026-04-20T01:53:20.000Z","modified":"2026-04-20T01:53:20.000Z","valid_from":"2026-04-20T01:53:20.000Z","name":"https://ijudyob.top/jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ijudyob.top/jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044512519344208"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5257810c-05c0-5621-bbc3-4ca594bafb18","created":"2026-04-20T01:53:20.000Z","modified":"2026-04-20T01:53:20.000Z","valid_from":"2026-04-20T01:53:20.000Z","name":"34.146.169.205","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.146.169.205']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044512519344208"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc231c4b-c1b8-5080-9e67-4c70b91daa08","created":"2026-04-20T01:53:20.000Z","modified":"2026-04-20T01:53:20.000Z","valid_from":"2026-04-20T01:53:20.000Z","name":"43.128.252.32","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.128.252.32']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046044512519344208"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0076137-7798-58d1-abd6-5c68a3d0733f","created":"2026-04-20T01:58:55.000Z","modified":"2026-04-20T01:58:55.000Z","valid_from":"2026-04-20T01:58:55.000Z","name":"1nlakuvrvn2wuk4.s3-website-us-east-1.amazonaws.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '1nlakuvrvn2wuk4.s3-website-us-east-1.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046045919070806430"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f518f20-3f09-5d6e-82c7-831bd9cdaee0","created":"2026-04-20T01:58:55.000Z","modified":"2026-04-20T01:58:55.000Z","valid_from":"2026-04-20T01:58:55.000Z","name":"http://1nlakuvrvn2wuk4.s3-website-us-east-1.amazonaws.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://1nlakuvrvn2wuk4.s3-website-us-east-1.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046045919070806430"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7f7bc7e-9fcc-53b4-a8ac-7e4ec289bfc7","created":"2026-04-20T01:58:55.000Z","modified":"2026-04-20T01:58:55.000Z","valid_from":"2026-04-20T01:58:55.000Z","name":"valientedo.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'valientedo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046045919070806430"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fe4bc95-e5fe-502c-a7b8-e9f3c4c9a37c","created":"2026-04-20T01:58:55.000Z","modified":"2026-04-20T01:58:55.000Z","valid_from":"2026-04-20T01:58:55.000Z","name":"http://valientedo.com/rr/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://valientedo.com/rr/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046045919070806430"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ba5f656-92c5-5beb-b957-db0051054a3e","created":"2026-04-20T01:58:55.000Z","modified":"2026-04-20T01:58:55.000Z","valid_from":"2026-04-20T01:58:55.000Z","name":"sslserver1.sviluppo.host","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sslserver1.sviluppo.host']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046045919070806430"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8746bd82-aadd-552d-9c01-1253e8b05a83","created":"2026-04-20T01:58:55.000Z","modified":"2026-04-20T01:58:55.000Z","valid_from":"2026-04-20T01:58:55.000Z","name":"http://sslserver1.sviluppo.host","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sslserver1.sviluppo.host']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046045919070806430"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9e98d3f-27c2-5e13-9b56-19993f338ad9","created":"2026-04-20T01:58:55.000Z","modified":"2026-04-20T01:58:55.000Z","valid_from":"2026-04-20T01:58:55.000Z","name":"http://sslserver1.sviluppo.host/sent/log.php","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sslserver1.sviluppo.host/sent/log.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046045919070806430"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64562ec8-cffe-5028-821b-278be419affa","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"psa-gov.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'psa-gov.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8d308c7-6706-5247-bb52-0a20147c7c00","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"https://www.psa-gov.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.psa-gov.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d9381b9-c1da-59d2-b0f6-1a9d1ddd15a0","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"egovofficial.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'egovofficial.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11d070da-67a3-5f65-895a-358631bafd76","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"https://egovofficial.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://egovofficial.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c17ec84-ac33-5eac-9ed9-9d4e6b5dd10f","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"civfin.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'civfin.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92613b97-c50e-58de-91bb-75bf5747dd35","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"https://civfin.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://civfin.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dbc3e8bc-baef-5500-a17a-4223f86c95b9","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"reportinfo.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'reportinfo.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a921fd2-4ca0-5e82-8fca-73fec3ac2430","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"https://reportinfo.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://reportinfo.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--326b519a-7c1d-5ed1-a364-5e83257e344e","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"grantusgov.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'grantusgov.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e7ed661-0988-5252-abb4-9e5ddbbfd05a","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"https://grantusgov.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://grantusgov.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec1f83aa-315c-594e-a735-e33c8ca7c8ef","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"immis.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'immis.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f69d7c24-c053-50d6-94e1-010c78c02b02","created":"2026-04-20T02:05:28.000Z","modified":"2026-04-20T02:05:28.000Z","valid_from":"2026-04-20T02:05:28.000Z","name":"https://immis.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://immis.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046047565913661914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6aeb166-5854-561b-a79d-56760bfb385c","created":"2026-04-20T02:06:16.000Z","modified":"2026-04-20T02:06:16.000Z","valid_from":"2026-04-20T02:06:16.000Z","name":"pop.ip-ddns.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pop.ip-ddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046047767584469108"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80ca25c0-cf9a-5a01-a090-b86edb167ff7","created":"2026-04-20T02:06:16.000Z","modified":"2026-04-20T02:06:16.000Z","valid_from":"2026-04-20T02:06:16.000Z","name":"http://pop.ip-ddns.com/pdfdocument/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pop.ip-ddns.com/pdfdocument/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046047767584469108"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30fa911d-d6b8-5b1f-9321-d1a4001ea5b1","created":"2026-04-20T02:08:57.000Z","modified":"2026-04-20T02:08:57.000Z","valid_from":"2026-04-20T02:08:57.000Z","name":"https://www.geotherm.cfd/ycvdapfsgjsuMfygyyntet","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.geotherm.cfd/ycvdapfsgjsuMfygyyntet']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046048444092207444"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53f37d37-3e01-5a4c-8128-726d82dc7937","created":"2026-04-20T02:08:57.000Z","modified":"2026-04-20T02:08:57.000Z","valid_from":"2026-04-20T02:08:57.000Z","name":"34.131.255.21","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.131.255.21']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046048444092207444"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa6ed848-cd86-5601-866a-8533f1e48017","created":"2026-04-20T02:10:08.000Z","modified":"2026-04-20T02:10:08.000Z","valid_from":"2026-04-20T02:10:08.000Z","name":"geotherm.cfd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'geotherm.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046048740650406103"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98096be1-5b86-5bfb-80ee-78f29984fa62","created":"2026-04-20T02:10:08.000Z","modified":"2026-04-20T02:10:08.000Z","valid_from":"2026-04-20T02:10:08.000Z","name":"https://www.geotherm.cfd/hzldtkiiftzaMqujdneemt","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.geotherm.cfd/hzldtkiiftzaMqujdneemt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046048740650406103"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--852349ca-38a5-5411-8fd8-7e07ae6c19e3","created":"2026-04-20T02:10:08.000Z","modified":"2026-04-20T02:10:08.000Z","valid_from":"2026-04-20T02:10:08.000Z","name":"34.131.132.20","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.131.132.20']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046048740650406103"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67cbea40-d76e-5415-b04f-b3378f1750d8","created":"2026-04-20T02:19:17.000Z","modified":"2026-04-20T02:19:17.000Z","valid_from":"2026-04-20T02:19:17.000Z","name":"soilsampling.cfd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'soilsampling.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046051043793043965"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8dd56096-abb1-5a91-9913-6ef24c04d09b","created":"2026-04-20T02:19:17.000Z","modified":"2026-04-20T02:19:17.000Z","valid_from":"2026-04-20T02:19:17.000Z","name":"https://www.soilsampling.cfd/eimdowucrwjwMfzgjwgbit","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.soilsampling.cfd/eimdowucrwjwMfzgjwgbit']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046051043793043965"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e34d711a-2e34-50bd-af9d-4e3451f67b6d","created":"2026-04-20T02:19:17.000Z","modified":"2026-04-20T02:19:17.000Z","valid_from":"2026-04-20T02:19:17.000Z","name":"34.131.187.157","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.131.187.157']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046051043793043965"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af1fbf18-c9ec-5185-8034-43652dbbdf1b","created":"2026-04-20T02:28:19.000Z","modified":"2026-04-20T02:28:19.000Z","valid_from":"2026-04-20T02:28:19.000Z","name":"tv-didiaokanqiu-tv.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tv-didiaokanqiu-tv.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046053319203045554"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0909ae5a-5cd4-5009-a20b-93f55fbc17e7","created":"2026-04-20T02:28:19.000Z","modified":"2026-04-20T02:28:19.000Z","valid_from":"2026-04-20T02:28:19.000Z","name":"https://www.tv-didiaokanqiu-tv.com/?claim=9dgjpWRMtbhH1bZm4qH4JMEo","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.tv-didiaokanqiu-tv.com/?claim=9dgjpWRMtbhH1bZm4qH4JMEo']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046053319203045554"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e72c790d-60f1-5821-880c-f1ec1926a86e","created":"2026-04-20T02:28:19.000Z","modified":"2026-04-20T02:28:19.000Z","valid_from":"2026-04-20T02:28:19.000Z","name":"8.229.229.103","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.229.229.103']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046053319203045554"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf44570e-a2b7-5dd0-8850-c7c05491048e","created":"2026-04-20T02:28:20.000Z","modified":"2026-04-20T02:28:20.000Z","valid_from":"2026-04-20T02:28:20.000Z","name":"atxbh7a6.shop","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'atxbh7a6.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046053321203671474"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7f60fa3-d1c0-5f1e-a18a-05ade30c0901","created":"2026-04-20T02:28:20.000Z","modified":"2026-04-20T02:28:20.000Z","valid_from":"2026-04-20T02:28:20.000Z","name":"https://www.atxbh7a6.shop/mxh7ysng?_t=7Z0psTwqYS4sqC-yt2YB2qwBDhQUNXldZbEWLJLUJVE","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.atxbh7a6.shop/mxh7ysng?_t=7Z0psTwqYS4sqC-yt2YB2qwBDhQUNXldZbEWLJLUJVE']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046053321203671474"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9107744f-b691-51b7-bacf-371970712e9e","created":"2026-04-20T02:41:21.000Z","modified":"2026-04-20T02:41:21.000Z","valid_from":"2026-04-20T02:41:21.000Z","name":"delhibellyindia.com","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'delhibellyindia.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2046056599568200055"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6098fb7-6c81-5a85-bf48-6ff3f8651f29","created":"2026-04-20T02:41:21.000Z","modified":"2026-04-20T02:41:21.000Z","valid_from":"2026-04-20T02:41:21.000Z","name":"http://delhibellyindia.com","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://delhibellyindia.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2046056599568200055"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89d8e7b7-ed74-53c9-bf4e-6041e9828b65","created":"2026-04-20T02:41:21.000Z","modified":"2026-04-20T02:41:21.000Z","valid_from":"2026-04-20T02:41:21.000Z","name":"http://2.56.10.46","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://2.56.10.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2046056599568200055"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d46a2c8-75f4-5fd7-a7f6-7b09f7b1aa7a","created":"2026-04-20T02:41:21.000Z","modified":"2026-04-20T02:41:21.000Z","valid_from":"2026-04-20T02:41:21.000Z","name":"http://45.13.225.22","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.13.225.22']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2046056599568200055"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5419951f-97a9-5b32-8ca2-73636288e2b0","created":"2026-04-20T02:41:21.000Z","modified":"2026-04-20T02:41:21.000Z","valid_from":"2026-04-20T02:41:21.000Z","name":"2.56.10.46","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '2.56.10.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2046056599568200055"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c733ad0c-7d8b-5efc-8d45-efc1e93f5b60","created":"2026-04-20T02:41:21.000Z","modified":"2026-04-20T02:41:21.000Z","valid_from":"2026-04-20T02:41:21.000Z","name":"45.13.225.22","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.13.225.22']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2046056599568200055"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63762af4-c4af-51e9-941d-cb7bcd5d0123","created":"2026-04-20T02:54:47.000Z","modified":"2026-04-20T02:54:47.000Z","valid_from":"2026-04-20T02:54:47.000Z","name":"https://www.thermalregime.cfd/frtdoaeelipsMdswzbvptt","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.thermalregime.cfd/frtdoaeelipsMdswzbvptt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046059977257975811"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bc373fe-aa84-5164-9f86-13f8b34dfce3","created":"2026-04-20T02:54:47.000Z","modified":"2026-04-20T02:54:47.000Z","valid_from":"2026-04-20T02:54:47.000Z","name":"34.131.53.237","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.131.53.237']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046059977257975811"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d5e5d23-2d3f-53d2-aa1f-041600cf4acd","created":"2026-04-20T02:55:58.000Z","modified":"2026-04-20T02:55:58.000Z","valid_from":"2026-04-20T02:55:58.000Z","name":"thermalrelaxation.cfd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'thermalrelaxation.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046060278044041689"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe960aaf-75c4-5457-a4fe-fbaa29b82e38","created":"2026-04-20T02:55:58.000Z","modified":"2026-04-20T02:55:58.000Z","valid_from":"2026-04-20T02:55:58.000Z","name":"https://www.thermalrelaxation.cfd/lfMgYK","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.thermalrelaxation.cfd/lfMgYK']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046060278044041689"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--193d8a77-c608-5f26-93af-57bd3a3dcc12","created":"2026-04-20T02:55:58.000Z","modified":"2026-04-20T02:55:58.000Z","valid_from":"2026-04-20T02:55:58.000Z","name":"thermalregime.cfd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'thermalregime.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046060276307665024"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--144b67e7-4f8a-5b5b-bda5-274240beb806","created":"2026-04-20T02:55:58.000Z","modified":"2026-04-20T02:55:58.000Z","valid_from":"2026-04-20T02:55:58.000Z","name":"https://www.thermalregime.cfd/ikpdwwxijzvlMlubbwrist","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.thermalregime.cfd/ikpdwwxijzvlMlubbwrist']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046060276307665024"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9fffc5e5-84e5-521f-8419-4c469e022c76","created":"2026-04-20T02:55:58.000Z","modified":"2026-04-20T02:55:58.000Z","valid_from":"2026-04-20T02:55:58.000Z","name":"34.131.158.236","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.131.158.236']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046060276307665024"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec0ad151-393a-5801-a689-98d21942ec9e","created":"2026-04-20T03:55:02.000Z","modified":"2026-04-20T03:55:02.000Z","valid_from":"2026-04-20T03:55:02.000Z","name":"taw9eeli.com","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'taw9eeli.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2046075139956117904"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--17347ad4-69e6-543e-a4f4-cf156eee0f39","created":"2026-04-20T03:55:02.000Z","modified":"2026-04-20T03:55:02.000Z","valid_from":"2026-04-20T03:55:02.000Z","name":"http://taw9eeli.com","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://taw9eeli.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2046075139956117904"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f230a980-5e50-5e6d-8022-79ac9e6f34aa","created":"2026-04-20T05:07:09.000Z","modified":"2026-04-20T05:07:09.000Z","valid_from":"2026-04-20T05:07:09.000Z","name":"context.ai","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'context.ai']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046093287723868642"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c33a1838-202a-5285-ba41-802d8223c63e","created":"2026-04-20T05:07:09.000Z","modified":"2026-04-20T05:07:09.000Z","valid_from":"2026-04-20T05:07:09.000Z","name":"https://context.ai","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://context.ai']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046093287723868642"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a8967c6-dd5b-5158-a0b4-80c2b3edb82f","created":"2026-04-20T05:29:03.000Z","modified":"2026-04-20T05:29:03.000Z","valid_from":"2026-04-20T05:29:03.000Z","name":"allegrolokalnie.186398b7.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegrolokalnie.186398b7.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046098801526526101"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4522f37e-9297-52b7-9659-76b2101c5dbe","created":"2026-04-20T05:29:03.000Z","modified":"2026-04-20T05:29:03.000Z","valid_from":"2026-04-20T05:29:03.000Z","name":"http://allegrolokalnie.186398b7.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://allegrolokalnie.186398b7.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046098801526526101"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65871899-e8e5-5b96-902b-bbd3ff905f37","created":"2026-04-20T05:31:56.000Z","modified":"2026-04-20T05:31:56.000Z","valid_from":"2026-04-20T05:31:56.000Z","name":"174.138.43.25","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '174.138.43.25']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2046099527753736644"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--836a520b-a06b-5f4c-b65b-31d97aa73f3d","created":"2026-04-20T05:46:13.000Z","modified":"2026-04-20T05:46:13.000Z","valid_from":"2026-04-20T05:46:13.000Z","name":"https://indicaskitchen.com/l/xbrcwguhhd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://indicaskitchen.com/l/xbrcwguhhd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103122981056620"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29712ee7-974b-57e9-bcbb-b9386af2a882","created":"2026-04-20T05:46:13.000Z","modified":"2026-04-20T05:46:13.000Z","valid_from":"2026-04-20T05:46:13.000Z","name":"34.146.207.15","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.146.207.15']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103122981056620"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4785a54-f228-52e7-95ed-43ce00ad2914","created":"2026-04-20T05:46:14.000Z","modified":"2026-04-20T05:46:14.000Z","valid_from":"2026-04-20T05:46:14.000Z","name":"https://indicaskitchen.com/captcha/go/7dd5b9e411e59275b2c950860c2e4897","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://indicaskitchen.com/captcha/go/7dd5b9e411e59275b2c950860c2e4897']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103124927287589"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4806270d-6ac0-5c1e-9747-9f452a1ad0b0","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"indicaskitchen.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'indicaskitchen.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103465852854580"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58537804-9d9b-50ac-b44f-4a9b61cf1a27","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"https://indicaskitchen.com/captcha/go/2d33916ca60f6cc04b14edd3a657c708","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://indicaskitchen.com/captcha/go/2d33916ca60f6cc04b14edd3a657c708']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103465852854580"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb336032-7506-534e-97ca-612d4dea350b","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"meejikfruymk.top","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meejikfruymk.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103465852854580"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b27f7a62-dd0e-593e-a3e7-16cad056bb04","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"https://meejikfruymk.top/jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://meejikfruymk.top/jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103465852854580"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77ae2ac9-7396-5853-9da0-639d5eb8b25a","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"43.133.1.243","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.133.1.243']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103465852854580"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bda878e6-5582-5ca4-8b17-382da16e77d5","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"43.119.18.26","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.119.18.26']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103465852854580"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27babb97-f05f-5236-be2d-70c2e8ec670b","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"https://indicaskitchen.com/l/fjweaihgtr","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://indicaskitchen.com/l/fjweaihgtr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103463218864446"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--384e5e90-452d-5a46-942b-213e94fa58f7","created":"2026-04-20T05:47:35.000Z","modified":"2026-04-20T05:47:35.000Z","valid_from":"2026-04-20T05:47:35.000Z","name":"34.180.107.38","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.180.107.38']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046103463218864446"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f86fb7e-688a-5857-9cfe-2b338d5c8161","created":"2026-04-20T05:54:52.000Z","modified":"2026-04-20T05:54:52.000Z","valid_from":"2026-04-20T05:54:52.000Z","name":"infostealers.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'infostealers.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046105299354812472"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccb99d7b-eaf3-52b3-b35d-7dd065cbe60e","created":"2026-04-20T05:54:52.000Z","modified":"2026-04-20T05:54:52.000Z","valid_from":"2026-04-20T05:54:52.000Z","name":"http://infostealers.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://infostealers.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046105299354812472"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c5d08cc-05f9-5d2f-b082-607ae843936e","created":"2026-04-20T05:54:52.000Z","modified":"2026-04-20T05:54:52.000Z","valid_from":"2026-04-20T05:54:52.000Z","name":"http://context.ai","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://context.ai']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046105299354812472"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a8c48f4-c1b6-5490-a547-7aaf68eb8aad","created":"2026-04-20T06:04:48.000Z","modified":"2026-04-20T06:04:48.000Z","valid_from":"2026-04-20T06:04:48.000Z","name":"https://ddjinxu.com/s/otsobspkdl","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ddjinxu.com/s/otsobspkdl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046107798732472706"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db790e58-8b24-55bb-92c0-383a00445523","created":"2026-04-20T06:04:48.000Z","modified":"2026-04-20T06:04:48.000Z","valid_from":"2026-04-20T06:04:48.000Z","name":"34.146.203.125","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.146.203.125']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046107798732472706"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a69fa2fc-113c-59ed-9636-bf6312751712","created":"2026-04-20T06:04:49.000Z","modified":"2026-04-20T06:04:49.000Z","valid_from":"2026-04-20T06:04:49.000Z","name":"ddjinxu.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ddjinxu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046107803744608735"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d43de95-a123-5746-8c5b-7e2b801c281c","created":"2026-04-20T06:04:49.000Z","modified":"2026-04-20T06:04:49.000Z","valid_from":"2026-04-20T06:04:49.000Z","name":"https://ddjinxu.com/captcha/go/492bda96e1d4ee1427ff1e09f858a1a3","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ddjinxu.com/captcha/go/492bda96e1d4ee1427ff1e09f858a1a3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046107803744608735"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3cc82cd9-ff6b-59c7-b4a6-d9a9ed7fd8f4","created":"2026-04-20T06:06:15.000Z","modified":"2026-04-20T06:06:15.000Z","valid_from":"2026-04-20T06:06:15.000Z","name":"https://ytxqltech.com/s/kmhbiqcjdl","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ytxqltech.com/s/kmhbiqcjdl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046108161082614036"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a27cf8d-b03c-5b82-b39e-f4f281cdd9cc","created":"2026-04-20T06:06:16.000Z","modified":"2026-04-20T06:06:16.000Z","valid_from":"2026-04-20T06:06:16.000Z","name":"ytxqltech.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ytxqltech.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046108165075509506"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2a7d58c-e808-5479-b709-f03c8cee18aa","created":"2026-04-20T06:06:16.000Z","modified":"2026-04-20T06:06:16.000Z","valid_from":"2026-04-20T06:06:16.000Z","name":"https://ytxqltech.com/captcha/go/1256d15243ed5680c5e679d34ac7f932","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ytxqltech.com/captcha/go/1256d15243ed5680c5e679d34ac7f932']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046108165075509506"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d00f3db7-bf2c-520e-96d4-fae816d88fd0","created":"2026-04-20T06:06:16.000Z","modified":"2026-04-20T06:06:16.000Z","valid_from":"2026-04-20T06:06:16.000Z","name":"wfmigylevgif.top","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wfmigylevgif.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046108165075509506"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0039f76-ffe3-5768-8158-f128c333e7b1","created":"2026-04-20T06:06:16.000Z","modified":"2026-04-20T06:06:16.000Z","valid_from":"2026-04-20T06:06:16.000Z","name":"https://wfmigylevgif.top/jpp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wfmigylevgif.top/jpp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046108165075509506"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3d81585-6017-5e1e-9de0-aae61c56e8de","created":"2026-04-20T06:06:16.000Z","modified":"2026-04-20T06:06:16.000Z","valid_from":"2026-04-20T06:06:16.000Z","name":"43.167.205.243","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.167.205.243']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046108165075509506"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50befc33-c040-57ce-bc70-8a7a9da6acf2","created":"2026-04-20T06:06:16.000Z","modified":"2026-04-20T06:06:16.000Z","valid_from":"2026-04-20T06:06:16.000Z","name":"43.165.167.19","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.167.19']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046108165075509506"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d5eb742-06f3-5212-930c-be34c788df11","created":"2026-04-20T06:14:23.000Z","modified":"2026-04-20T06:14:23.000Z","valid_from":"2026-04-20T06:14:23.000Z","name":"pedoturbation.cfd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pedoturbation.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046110210432131563"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3eda93f9-2833-5e47-8223-d5db5ae249ca","created":"2026-04-20T06:14:23.000Z","modified":"2026-04-20T06:14:23.000Z","valid_from":"2026-04-20T06:14:23.000Z","name":"https://www.pedoturbation.cfd/gwzdppajiofeMnewrgzfat","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.pedoturbation.cfd/gwzdppajiofeMnewrgzfat']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046110210432131563"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f05819a6-1aeb-54e1-b414-470bbda6f673","created":"2026-04-20T06:14:24.000Z","modified":"2026-04-20T06:14:24.000Z","valid_from":"2026-04-20T06:14:24.000Z","name":"platinumgroup.cfd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'platinumgroup.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046110213691036029"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45495eae-5452-569b-b48b-09940122bcf7","created":"2026-04-20T06:14:24.000Z","modified":"2026-04-20T06:14:24.000Z","valid_from":"2026-04-20T06:14:24.000Z","name":"https://www.platinumgroup.cfd/rn7xIs","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.platinumgroup.cfd/rn7xIs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046110213691036029"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f643b9d4-496e-5e45-b0e8-2847303d2a42","created":"2026-04-20T06:26:08.000Z","modified":"2026-04-20T06:26:08.000Z","valid_from":"2026-04-20T06:26:08.000Z","name":"https://wfmigylevgif.top/jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wfmigylevgif.top/jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046113167621665196"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb3ecfb6-ba18-514d-a964-3a4eff35427b","created":"2026-04-20T06:27:17.000Z","modified":"2026-04-20T06:27:17.000Z","valid_from":"2026-04-20T06:27:17.000Z","name":"https://cdarrs42ry-juiobng37.croptaskcase.su/?kdr=aaaa@example.jp&cbd=fliqRVb00tjc4a2KRbKZdpvq2NpcYfld9hJqkL2q85Q=","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cdarrs42ry-juiobng37.croptaskcase.su/?kdr=aaaa@example.jp&cbd=fliqRVb00tjc4a2KRbKZdpvq2NpcYfld9hJqkL2q85Q=']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046113456827580620"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a03dd5f-1a1a-5d2c-9304-561cc7df21bb","created":"2026-04-20T06:27:17.000Z","modified":"2026-04-20T06:27:17.000Z","valid_from":"2026-04-20T06:27:17.000Z","name":"172.245.28.168","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '172.245.28.168']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046113456827580620"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--edffc24c-abc8-5af3-94a2-3f28f2ad2203","created":"2026-04-20T06:27:18.000Z","modified":"2026-04-20T06:27:18.000Z","valid_from":"2026-04-20T06:27:18.000Z","name":"cdarrs42ry-juiobng37.croptaskcase.su","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cdarrs42ry-juiobng37.croptaskcase.su']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046113460564697243"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c6b42c8-fa60-51db-bb1d-9c4070f9c589","created":"2026-04-20T06:27:18.000Z","modified":"2026-04-20T06:27:18.000Z","valid_from":"2026-04-20T06:27:18.000Z","name":"https://cdarrs42ry-juiobng37.croptaskcase.su/api/bot","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cdarrs42ry-juiobng37.croptaskcase.su/api/bot']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2046113460564697243"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7469ddcb-97d8-5cda-bf5d-2ce509eb3f94","created":"2026-04-20T06:28:04.000Z","modified":"2026-04-20T06:28:04.000Z","valid_from":"2026-04-20T06:28:04.000Z","name":"8a6fb28d517b74b0fd3b2ab76f81ad39","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8a6fb28d517b74b0fd3b2ab76f81ad39']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046113651682337013"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee83b44c-2840-5404-8fd2-ef59b13a424b","created":"2026-04-20T06:57:50.000Z","modified":"2026-04-20T06:57:50.000Z","valid_from":"2026-04-20T06:57:50.000Z","name":"ca0693ded4c217d6ea04f8498a69ca78","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'ca0693ded4c217d6ea04f8498a69ca78']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046121143292293330"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a50a58bc-48e4-539a-8bf9-a474a6d354fa","created":"2026-04-20T07:23:56.000Z","modified":"2026-04-20T07:23:56.000Z","valid_from":"2026-04-20T07:23:56.000Z","name":"https://telegram.me/ci0iiif","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://telegram.me/ci0iiif']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2046127712369078473"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2118e49a-9dee-55fe-859e-43432af85b4f","created":"2026-04-20T07:23:56.000Z","modified":"2026-04-20T07:23:56.000Z","valid_from":"2026-04-20T07:23:56.000Z","name":"cebolinhaburger.com","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cebolinhaburger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2046127712369078473"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2285dd7-7fac-5a32-9fd9-1bf436688c50","created":"2026-04-20T07:23:56.000Z","modified":"2026-04-20T07:23:56.000Z","valid_from":"2026-04-20T07:23:56.000Z","name":"http://cebolinhaburger.com","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cebolinhaburger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2046127712369078473"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3f90819-d415-5131-8109-ec337a3f6fcf","created":"2026-04-20T07:25:08.000Z","modified":"2026-04-20T07:25:08.000Z","valid_from":"2026-04-20T07:25:08.000Z","name":"https://steamcommunity.com/profiles/76561198714231957","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://steamcommunity.com/profiles/76561198714231957']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046128015407473025"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd36fa35-daf5-591f-9276-33941196ca98","created":"2026-04-20T07:25:08.000Z","modified":"2026-04-20T07:25:08.000Z","valid_from":"2026-04-20T07:25:08.000Z","name":"https://telegram.me/ci","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://telegram.me/ci']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046128015407473025"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e42a3abf-b224-5132-9ac0-f94144352ecf","created":"2026-04-20T07:25:08.000Z","modified":"2026-04-20T07:25:08.000Z","valid_from":"2026-04-20T07:25:08.000Z","name":"aasscc.how","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aasscc.how']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046128015407473025"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--524a276e-fe19-5ae4-a3ba-f4e4fd16c70b","created":"2026-04-20T07:25:08.000Z","modified":"2026-04-20T07:25:08.000Z","valid_from":"2026-04-20T07:25:08.000Z","name":"http://aasscc.how","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aasscc.how']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046128015407473025"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9594bc0f-230b-52b2-80a6-7dbb0388afc8","created":"2026-04-20T07:45:47.000Z","modified":"2026-04-20T07:45:47.000Z","valid_from":"2026-04-20T07:45:47.000Z","name":"91.202.233.25","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.202.233.25']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2046133210069827660"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--967d88b8-099a-5842-8927-0c44e3677a17","created":"2026-04-20T07:45:47.000Z","modified":"2026-04-20T07:45:47.000Z","valid_from":"2026-04-20T07:45:47.000Z","name":"5ea113da8309ad96114803174d3d4b91","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '5ea113da8309ad96114803174d3d4b91']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2046133210069827660"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2e6ad1d-1393-5dc4-96e2-6a7919e0735a","created":"2026-04-20T08:46:50.000Z","modified":"2026-04-20T08:46:50.000Z","valid_from":"2026-04-20T08:46:50.000Z","name":"allegrolokalnie.pl-ogloszenie.lat","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegrolokalnie.pl-ogloszenie.lat']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046148574782661019"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8d1afa4-f9a9-5fe0-83e8-013e3061ceb1","created":"2026-04-20T08:46:50.000Z","modified":"2026-04-20T08:46:50.000Z","valid_from":"2026-04-20T08:46:50.000Z","name":"http://allegrolokalnie.pl-ogloszenie.lat","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://allegrolokalnie.pl-ogloszenie.lat']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046148574782661019"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--73329320-79d2-5366-8656-1a49c003ebed","created":"2026-04-20T10:01:36.000Z","modified":"2026-04-20T10:01:36.000Z","valid_from":"2026-04-20T10:01:36.000Z","name":"inopportunefable.com","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inopportunefable.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046167389776019704"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3d61280-1e6b-5dbe-aada-e6d4a9fce09a","created":"2026-04-20T10:01:36.000Z","modified":"2026-04-20T10:01:36.000Z","valid_from":"2026-04-20T10:01:36.000Z","name":"http://inopportunefable.com","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inopportunefable.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046167389776019704"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0acfb159-41e3-59c7-bd6d-558c70618aca","created":"2026-04-20T10:01:36.000Z","modified":"2026-04-20T10:01:36.000Z","valid_from":"2026-04-20T10:01:36.000Z","name":"learnzonekey.monster","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'learnzonekey.monster']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046167389776019704"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80190652-7d39-5c6d-8c3f-5a500b21afef","created":"2026-04-20T10:01:36.000Z","modified":"2026-04-20T10:01:36.000Z","valid_from":"2026-04-20T10:01:36.000Z","name":"http://learnzonekey.monster","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://learnzonekey.monster']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046167389776019704"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26777e36-308a-5b7e-a91c-9cd0672753b0","created":"2026-04-20T10:01:36.000Z","modified":"2026-04-20T10:01:36.000Z","valid_from":"2026-04-20T10:01:36.000Z","name":"jicinvestments.monster","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jicinvestments.monster']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046167389776019704"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0350851-07c0-5c94-98b6-23137e480fbd","created":"2026-04-20T10:01:36.000Z","modified":"2026-04-20T10:01:36.000Z","valid_from":"2026-04-20T10:01:36.000Z","name":"http://jicinvestments.monster","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jicinvestments.monster']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046167389776019704"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fac0c0cf-de64-58f6-84ce-da9ebc67f921","created":"2026-04-20T11:29:56.000Z","modified":"2026-04-20T11:29:56.000Z","valid_from":"2026-04-20T11:29:56.000Z","name":"dhvuuxhmt.qh399063.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dhvuuxhmt.qh399063.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046189622288666707"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01ac135d-f6aa-5db4-be5a-556e792f8f4f","created":"2026-04-20T11:29:56.000Z","modified":"2026-04-20T11:29:56.000Z","valid_from":"2026-04-20T11:29:56.000Z","name":"https://dhvuuxhmt.qh399063.cn/RSV_P/smart_index.htm/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dhvuuxhmt.qh399063.cn/RSV_P/smart_index.htm/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046189622288666707"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc5e2fb2-a0d1-56ce-a41e-d58c350c1238","created":"2026-04-20T11:30:00.000Z","modified":"2026-04-20T11:30:00.000Z","valid_from":"2026-04-20T11:30:00.000Z","name":"ingressosflamengoa.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ingressosflamengoa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046189636469297363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36a7776a-4356-5091-9ce0-647a6dd8e908","created":"2026-04-20T11:30:00.000Z","modified":"2026-04-20T11:30:00.000Z","valid_from":"2026-04-20T11:30:00.000Z","name":"https://ingressosflamengoa.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ingressosflamengoa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046189636469297363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4d86dfb-b60e-565f-ad2d-b11c55662aee","created":"2026-04-20T11:30:00.000Z","modified":"2026-04-20T11:30:00.000Z","valid_from":"2026-04-20T11:30:00.000Z","name":"ingresosflamengo.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ingresosflamengo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046189636469297363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21a419e5-879c-555b-9951-ac30ec0cdccb","created":"2026-04-20T11:30:00.000Z","modified":"2026-04-20T11:30:00.000Z","valid_from":"2026-04-20T11:30:00.000Z","name":"https://ingresosflamengo.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ingresosflamengo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046189636469297363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f69da637-b7a2-5044-82bf-ab47d06658f1","created":"2026-04-20T12:07:37.000Z","modified":"2026-04-20T12:07:37.000Z","valid_from":"2026-04-20T12:07:37.000Z","name":"https://t.co/xfJJuWK3sM","description":"IOC reported by @NikaNika1354258 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.co/xfJJuWK3sM']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/NikaNika1354258/status/2046199104527601849"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6956a02a-40d5-5e0f-abd4-f3c484473032","created":"2026-04-20T12:50:56.000Z","modified":"2026-04-20T12:50:56.000Z","valid_from":"2026-04-20T12:50:56.000Z","name":"stratlabs.vercel.app","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'stratlabs.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046210005414609152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b1bea38-762e-5f30-a8fc-3e897e85b9a7","created":"2026-04-20T12:50:56.000Z","modified":"2026-04-20T12:50:56.000Z","valid_from":"2026-04-20T12:50:56.000Z","name":"https://stratlabs.vercel.app/Strat787417","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://stratlabs.vercel.app/Strat787417']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046210005414609152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--caea9f99-e4bf-5b5e-b856-00323e47323e","created":"2026-04-20T12:50:56.000Z","modified":"2026-04-20T12:50:56.000Z","valid_from":"2026-04-20T12:50:56.000Z","name":"https://github.com/rcaptch7/captcha/raw/refs/heads/main/StratShare7812","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/rcaptch7/captcha/raw/refs/heads/main/StratShare7812']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046210005414609152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9852e7c-ca50-5c1d-8028-cf820f485284","created":"2026-04-20T12:55:36.000Z","modified":"2026-04-20T12:55:36.000Z","valid_from":"2026-04-20T12:55:36.000Z","name":"http://65.21.233.184","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://65.21.233.184']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046211180469932410"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb6b82e2-cd88-5495-96a5-98571ccfd6ce","created":"2026-04-20T12:55:36.000Z","modified":"2026-04-20T12:55:36.000Z","valid_from":"2026-04-20T12:55:36.000Z","name":"65.21.233.184","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '65.21.233.184']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046211180469932410"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fbe4ceb-1d45-52ea-b867-89769675894f","created":"2026-04-20T12:56:54.000Z","modified":"2026-04-20T12:56:54.000Z","valid_from":"2026-04-20T12:56:54.000Z","name":"myjcb1.cast-leisutiyu.com","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'myjcb1.cast-leisutiyu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046211505360941124"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a7dda83-4ac5-5f6f-b3ce-d97cc315cdda","created":"2026-04-20T12:56:54.000Z","modified":"2026-04-20T12:56:54.000Z","valid_from":"2026-04-20T12:56:54.000Z","name":"https://myjcb1.cast-leisutiyu.com/LqAZyy","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://myjcb1.cast-leisutiyu.com/LqAZyy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046211505360941124"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--76c6073f-7f1f-5696-9b15-080652333c0f","created":"2026-04-20T12:56:54.000Z","modified":"2026-04-20T12:56:54.000Z","valid_from":"2026-04-20T12:56:54.000Z","name":"http://104.21.73.27","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.73.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046211505360941124"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fd2ddfd-b003-5e9e-8ac0-a9f18aeb8de7","created":"2026-04-20T12:56:54.000Z","modified":"2026-04-20T12:56:54.000Z","valid_from":"2026-04-20T12:56:54.000Z","name":"http://172.67.137.249","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.137.249']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046211505360941124"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1fa25f9-8343-5b9e-90ed-c668731f851f","created":"2026-04-20T13:01:40.000Z","modified":"2026-04-20T13:01:40.000Z","valid_from":"2026-04-20T13:01:40.000Z","name":"cqizvybx.bhmsbp.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cqizvybx.bhmsbp.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046212706773176529"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfc6e74f-2b2e-52f0-881f-b1768e3cb28e","created":"2026-04-20T13:01:40.000Z","modified":"2026-04-20T13:01:40.000Z","valid_from":"2026-04-20T13:01:40.000Z","name":"https://cqizvybx.bhmsbp.cn/iiufhys/eorio/loging/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cqizvybx.bhmsbp.cn/iiufhys/eorio/loging/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046212706773176529"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9a9e504-a5a2-50ee-8b04-8e1d58054c47","created":"2026-04-20T13:01:40.000Z","modified":"2026-04-20T13:01:40.000Z","valid_from":"2026-04-20T13:01:40.000Z","name":"http://43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046212706773176529"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a778ed-12bc-5745-aed6-1d018da22ec4","created":"2026-04-20T13:01:40.000Z","modified":"2026-04-20T13:01:40.000Z","valid_from":"2026-04-20T13:01:40.000Z","name":"43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046212706773176529"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--23362ee4-bf19-548b-8792-867984cd16be","created":"2026-04-20T13:03:03.000Z","modified":"2026-04-20T13:03:03.000Z","valid_from":"2026-04-20T13:03:03.000Z","name":"http://136.243.203.102","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://136.243.203.102']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046213055856377896"}],"labels":["Vidar"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08f83b7b-bcf4-50d8-8b7e-add1b8f8afba","created":"2026-04-20T13:03:03.000Z","modified":"2026-04-20T13:03:03.000Z","valid_from":"2026-04-20T13:03:03.000Z","name":"136.243.203.102","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '136.243.203.102']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046213055856377896"}],"labels":["Vidar"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a00dc86-6ed7-5cb3-83ae-b8ff931cd8f5","created":"2026-04-20T13:07:20.000Z","modified":"2026-04-20T13:07:20.000Z","valid_from":"2026-04-20T13:07:20.000Z","name":"http://87.121.79.73/o","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://87.121.79.73/o']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046214131913470065"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--63e57c7f-ee3b-5c4e-bd56-d358131f5638","created":"2026-04-20T13:07:20.000Z","modified":"2026-04-20T13:07:20.000Z","valid_from":"2026-04-20T13:07:20.000Z","name":"193.142.146.230","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.142.146.230']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046214131913470065"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1224f8d-4322-50a3-b207-d21ca84d9991","created":"2026-04-20T13:07:20.000Z","modified":"2026-04-20T13:07:20.000Z","valid_from":"2026-04-20T13:07:20.000Z","name":"87.121.79.73","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '87.121.79.73']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046214131913470065"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--07433b83-93b6-5138-ab71-8c9ff6f3e008","created":"2026-04-20T14:19:26.000Z","modified":"2026-04-20T14:19:26.000Z","valid_from":"2026-04-20T14:19:26.000Z","name":"https://t.co/OETHAc3uG7","description":"IOC reported by @ido_cohen2 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.co/OETHAc3uG7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ido_cohen2/status/2046232277592469818"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--80a72b2a-a792-5f4c-acc9-7dd7199e1126","created":"2026-04-20T14:29:05.000Z","modified":"2026-04-20T14:29:05.000Z","valid_from":"2026-04-20T14:29:05.000Z","name":"poooooper-cuh5hrhaexgeg8bt.z03.azurefd.net","description":"IOC reported by @dayz_furry on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'poooooper-cuh5hrhaexgeg8bt.z03.azurefd.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/dayz_furry/status/2046234706715226593"}],"labels":["opendir","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48dd0e6b-f941-5627-ab9e-02690ce7db35","created":"2026-04-20T14:29:05.000Z","modified":"2026-04-20T14:29:05.000Z","valid_from":"2026-04-20T14:29:05.000Z","name":"https://poooooper-cuh5hrhaexgeg8bt.z03.azurefd.net","description":"IOC reported by @dayz_furry on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://poooooper-cuh5hrhaexgeg8bt.z03.azurefd.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/dayz_furry/status/2046234706715226593"}],"labels":["opendir","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e58261ec-e9d3-59e2-8480-ef065844bb57","created":"2026-04-20T14:36:46.000Z","modified":"2026-04-20T14:36:46.000Z","valid_from":"2026-04-20T14:36:46.000Z","name":"realhostpro.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'realhostpro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2046236637735145622"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2183dae2-1fbd-592f-ad6d-8acb27c4bb70","created":"2026-04-20T14:36:46.000Z","modified":"2026-04-20T14:36:46.000Z","valid_from":"2026-04-20T14:36:46.000Z","name":"http://realhostpro.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://realhostpro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2046236637735145622"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f007c3f-72af-5a76-8a98-791dbfd2de78","created":"2026-04-20T14:47:34.000Z","modified":"2026-04-20T14:47:34.000Z","valid_from":"2026-04-20T14:47:34.000Z","name":"aabhar.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aabhar.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2046239357615685716"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96e7d10c-38d7-5ddb-83be-32aa3b1706bd","created":"2026-04-20T14:47:34.000Z","modified":"2026-04-20T14:47:34.000Z","valid_from":"2026-04-20T14:47:34.000Z","name":"http://aabhar.top//aabhar/login","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aabhar.top//aabhar/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2046239357615685716"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--597ce987-2ced-57dc-bdab-a802449829c9","created":"2026-04-20T14:47:34.000Z","modified":"2026-04-20T14:47:34.000Z","valid_from":"2026-04-20T14:47:34.000Z","name":"http://aabhar.top/aabhar/forgot-password","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aabhar.top/aabhar/forgot-password']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2046239357615685716"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b911d97a-3ee1-5a65-a70d-1f0fe587c7de","created":"2026-04-20T15:02:12.000Z","modified":"2026-04-20T15:02:12.000Z","valid_from":"2026-04-20T15:02:12.000Z","name":"ezno.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ezno.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2046243038209650854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3062c1cb-b06a-547d-9599-0f9f039a5833","created":"2026-04-20T15:02:12.000Z","modified":"2026-04-20T15:02:12.000Z","valid_from":"2026-04-20T15:02:12.000Z","name":"http://ezno.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ezno.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2046243038209650854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41eb83ed-e229-5087-8bf8-8c55af4a216c","created":"2026-04-20T16:06:22.000Z","modified":"2026-04-20T16:06:22.000Z","valid_from":"2026-04-20T16:06:22.000Z","name":"https://stratlabs.vercel.app/Strat7874","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://stratlabs.vercel.app/Strat7874']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046259186049089845"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d7867be-0271-55ee-932b-709b6f92659c","created":"2026-04-20T16:10:04.000Z","modified":"2026-04-20T16:10:04.000Z","valid_from":"2026-04-20T16:10:04.000Z","name":"http://121.127.246.86:8081","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://121.127.246.86:8081']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046260117012709407"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b5a254f-fb85-5de1-91e3-e59a762c7367","created":"2026-04-20T16:10:04.000Z","modified":"2026-04-20T16:10:04.000Z","valid_from":"2026-04-20T16:10:04.000Z","name":"121.127.246.86","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '121.127.246.86']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046260117012709407"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8815a05f-76f4-53ea-b8e4-f6472148dbe3","created":"2026-04-20T16:44:20.000Z","modified":"2026-04-20T16:44:20.000Z","valid_from":"2026-04-20T16:44:20.000Z","name":"35b2a2bc7e8058221eab32ff8f886da555500ef93a9128a11655c4c8232146f9","description":"IOC reported by @Khushalchopra5 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '35b2a2bc7e8058221eab32ff8f886da555500ef93a9128a11655c4c8232146f9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Khushalchopra5/status/2046268740866801761"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2617939c-6223-5b6f-8f6e-de9a1cd0b540","created":"2026-04-20T16:44:20.000Z","modified":"2026-04-20T16:44:20.000Z","valid_from":"2026-04-20T16:44:20.000Z","name":"cfe0b3ce61fb8a76a50182a16e35b811a41bcf3dca4d01a6e4748547a4bc92cd","description":"IOC reported by @Khushalchopra5 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'cfe0b3ce61fb8a76a50182a16e35b811a41bcf3dca4d01a6e4748547a4bc92cd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Khushalchopra5/status/2046268740866801761"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--856798d1-532f-55be-986d-2b630326fd73","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68e9e894-290a-58ad-9eaf-c6df43d9bb9d","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b098b2c7-419e-541f-93e8-98a121a1f54f","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"nids.tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d798e74-c5f1-5c35-969a-45edf9eb9382","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://nids.tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd4908d2-6940-55d2-9de4-f1def7b8b142","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"tpe5ie.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tpe5ie.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65153266-9000-5c19-8bf5-5b63c65e19c2","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://tpe5ie.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tpe5ie.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49ad5ed5-09d4-5b91-b724-44daa486be33","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"tois15ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tois15ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c378aae7-08e6-538f-b47a-2eef46f070c7","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://tois15ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tois15ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cfc6335-4e2e-582c-83c4-3bf8bbbccbcb","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"xto14ic.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xto14ic.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69d9ce71-010f-5f41-a2a8-c4d5d286d1bb","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://xto14ic.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xto14ic.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9bb0ffff-10fb-54ad-bdf6-10e235c49550","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"ntx10sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntx10sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42c60311-0c3a-5acd-ac16-e51034552280","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://ntx10sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntx10sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6840f72f-b425-53ca-b4f0-07c1f9360ffd","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"mois22ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois22ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b56d7efb-2e5b-5bfb-bcb3-e5bee577565f","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://mois22ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois22ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e30b5b0-c5e5-5521-8be2-1265dc3993b6","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"mois0ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois0ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b378c3f-a473-51b9-9f19-8d3c45ea57e6","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://mois0ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois0ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e55c8911-d995-5770-a008-55ddc3487557","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"mois36ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois36ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a2b798-cf43-596e-a200-4235f8796afc","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://mois36ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois36ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fca4ce3e-a12b-50d8-b819-39580a32a426","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"mois26ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois26ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9aff5f62-2833-57c5-8667-3505641a7263","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://mois26ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois26ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a150452a-1317-5dac-b56a-e7341a79e2b5","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"mois39ex.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois39ex.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43bc3376-d990-5fa7-aad7-f53ff4014b80","created":"2026-04-20T18:19:49.000Z","modified":"2026-04-20T18:19:49.000Z","valid_from":"2026-04-20T18:19:49.000Z","name":"http://mois39ex.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois39ex.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046292771594555463"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--472d3ef3-372c-5726-8f64-887f289549f4","created":"2026-04-20T19:08:48.000Z","modified":"2026-04-20T19:08:48.000Z","valid_from":"2026-04-20T19:08:48.000Z","name":"cleverstack-ext30341.vercel.app","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cleverstack-ext30341.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046305098763239814"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4662b53d-e4bf-54f6-9a9a-34c2bdc050a4","created":"2026-04-20T19:08:48.000Z","modified":"2026-04-20T19:08:48.000Z","valid_from":"2026-04-20T19:08:48.000Z","name":"http://cleverstack-ext30341.vercel.app","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cleverstack-ext30341.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046305098763239814"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1074a0c-823c-5832-b0d0-1abcb6caae86","created":"2026-04-20T19:21:44.000Z","modified":"2026-04-20T19:21:44.000Z","valid_from":"2026-04-20T19:21:44.000Z","name":"http://144.172.105.138","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.172.105.138']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046308353794871435"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8547e93-bb3c-59d3-b5ff-2ebaa51cb037","created":"2026-04-20T19:21:44.000Z","modified":"2026-04-20T19:21:44.000Z","valid_from":"2026-04-20T19:21:44.000Z","name":"144.172.105.138","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.172.105.138']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046308353794871435"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ff26b99-5913-564b-8762-04302378acf2","created":"2026-04-20T21:02:26.000Z","modified":"2026-04-20T21:02:26.000Z","valid_from":"2026-04-20T21:02:26.000Z","name":"http://2.26.116.156","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://2.26.116.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2046333694739185848"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--eef7773d-376f-58cc-82da-abc444c9372f","created":"2026-04-20T21:02:26.000Z","modified":"2026-04-20T21:02:26.000Z","valid_from":"2026-04-20T21:02:26.000Z","name":"2.26.116.156","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '2.26.116.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2046333694739185848"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f9ba500-5a94-5827-9f28-f9e4c8ea342d","created":"2026-04-20T21:08:42.000Z","modified":"2026-04-20T21:08:42.000Z","valid_from":"2026-04-20T21:08:42.000Z","name":"https://realhostpro.com/index.php","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://realhostpro.com/index.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046335271172514029"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--539f43c6-0ef4-5d10-bf9f-455791369276","created":"2026-04-20T21:39:20.000Z","modified":"2026-04-20T21:39:20.000Z","valid_from":"2026-04-20T21:39:20.000Z","name":"http://139.135.60.162:58061/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://139.135.60.162:58061/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046342981783867442"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5d58a3f-8a3b-5380-885d-eb65f56ab9a4","created":"2026-04-20T21:39:20.000Z","modified":"2026-04-20T21:39:20.000Z","valid_from":"2026-04-20T21:39:20.000Z","name":"139.135.60.162","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '139.135.60.162']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046342981783867442"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0d61338-c83f-5143-9017-e23e0be9116d","created":"2026-04-20T22:27:09.000Z","modified":"2026-04-20T22:27:09.000Z","valid_from":"2026-04-20T22:27:09.000Z","name":"http://31.57.109.131/scripts/4thepool_miner.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://31.57.109.131/scripts/4thepool_miner.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046355013740486668"}],"labels":["log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dfa2990d-bdb5-5e0c-be27-e1713df42c94","created":"2026-04-20T22:27:09.000Z","modified":"2026-04-20T22:27:09.000Z","valid_from":"2026-04-20T22:27:09.000Z","name":"80.75.212.14","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '80.75.212.14']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046355013740486668"}],"labels":["log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0c02700-e56c-53b5-90d0-3d4dbcb01f20","created":"2026-04-20T22:27:09.000Z","modified":"2026-04-20T22:27:09.000Z","valid_from":"2026-04-20T22:27:09.000Z","name":"31.57.109.131","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.57.109.131']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046355013740486668"}],"labels":["log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4ecc9ffa-39f1-5040-9c1e-9f36320cf0fa","created":"2026-04-21T00:05:59.000Z","modified":"2026-04-21T00:05:59.000Z","valid_from":"2026-04-21T00:05:59.000Z","name":"Context.ai","description":"IOC reported by @JRoosen on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Context.ai']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JRoosen/status/2046379888035172507"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--581dd16b-72db-580d-9bd9-1d1bc85ed962","created":"2026-04-21T00:05:59.000Z","modified":"2026-04-21T00:05:59.000Z","valid_from":"2026-04-21T00:05:59.000Z","name":"http://Context.ai","description":"IOC reported by @JRoosen on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Context.ai']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JRoosen/status/2046379888035172507"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f32d6aed-8a50-5c0f-b090-dde0021902ac","created":"2026-04-21T02:17:07.000Z","modified":"2026-04-21T02:17:07.000Z","valid_from":"2026-04-21T02:17:07.000Z","name":"macosstor-supp.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'macosstor-supp.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046412888873812300"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--143083df-dc2e-5448-a371-7416a52799c7","created":"2026-04-21T02:17:07.000Z","modified":"2026-04-21T02:17:07.000Z","valid_from":"2026-04-21T02:17:07.000Z","name":"http://macosstor-supp.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://macosstor-supp.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046412888873812300"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eab31ce9-7f4f-5ef8-a0f2-316d1059205b","created":"2026-04-21T02:17:07.000Z","modified":"2026-04-21T02:17:07.000Z","valid_from":"2026-04-21T02:17:07.000Z","name":"nailscanai.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nailscanai.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046412888873812300"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bb6f8a1-7a5b-5c82-b975-844dfca254f3","created":"2026-04-21T02:17:07.000Z","modified":"2026-04-21T02:17:07.000Z","valid_from":"2026-04-21T02:17:07.000Z","name":"http://nailscanai.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nailscanai.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046412888873812300"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b911d97a-3ee1-5a65-a70d-1f0fe587c7de","created":"2026-04-21T03:51:45.000Z","modified":"2026-04-21T03:51:45.000Z","valid_from":"2026-04-21T03:51:45.000Z","name":"ezno.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ezno.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046436704026759319"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3062c1cb-b06a-547d-9599-0f9f039a5833","created":"2026-04-21T03:51:45.000Z","modified":"2026-04-21T03:51:45.000Z","valid_from":"2026-04-21T03:51:45.000Z","name":"http://ezno.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ezno.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046436704026759319"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f007c3f-72af-5a76-8a98-791dbfd2de78","created":"2026-04-21T03:51:56.000Z","modified":"2026-04-21T03:51:56.000Z","valid_from":"2026-04-21T03:51:56.000Z","name":"aabhar.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aabhar.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046436748045988110"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96e7d10c-38d7-5ddb-83be-32aa3b1706bd","created":"2026-04-21T03:51:56.000Z","modified":"2026-04-21T03:51:56.000Z","valid_from":"2026-04-21T03:51:56.000Z","name":"http://aabhar.top//aabhar/login","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aabhar.top//aabhar/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046436748045988110"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--597ce987-2ced-57dc-bdab-a802449829c9","created":"2026-04-21T03:51:56.000Z","modified":"2026-04-21T03:51:56.000Z","valid_from":"2026-04-21T03:51:56.000Z","name":"http://aabhar.top/aabhar/forgot-password","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aabhar.top/aabhar/forgot-password']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046436748045988110"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e58261ec-e9d3-59e2-8480-ef065844bb57","created":"2026-04-21T03:52:04.000Z","modified":"2026-04-21T03:52:04.000Z","valid_from":"2026-04-21T03:52:04.000Z","name":"realhostpro.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'realhostpro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046436783018086677"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2183dae2-1fbd-592f-ad6d-8acb27c4bb70","created":"2026-04-21T03:52:04.000Z","modified":"2026-04-21T03:52:04.000Z","valid_from":"2026-04-21T03:52:04.000Z","name":"http://realhostpro.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://realhostpro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046436783018086677"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--76c6073f-7f1f-5696-9b15-080652333c0f","created":"2026-04-21T03:53:27.000Z","modified":"2026-04-21T03:53:27.000Z","valid_from":"2026-04-21T03:53:27.000Z","name":"http://104.21.73.27","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.73.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046437129006223395"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fd2ddfd-b003-5e9e-8ac0-a9f18aeb8de7","created":"2026-04-21T03:53:27.000Z","modified":"2026-04-21T03:53:27.000Z","valid_from":"2026-04-21T03:53:27.000Z","name":"http://172.67.137.249","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.137.249']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046437129006223395"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2d9cd09-7708-5361-ab68-4aafe6632379","created":"2026-04-21T05:00:22.000Z","modified":"2026-04-21T05:00:22.000Z","valid_from":"2026-04-21T05:00:22.000Z","name":"3f4221dacc105466932db94b9b210b84","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '3f4221dacc105466932db94b9b210b84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046453969313038415"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46319264-524a-51c8-a3c8-bf181eed89c3","created":"2026-04-21T05:33:23.000Z","modified":"2026-04-21T05:33:23.000Z","valid_from":"2026-04-21T05:33:23.000Z","name":"nefariousplan.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nefariousplan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046462279370018941"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--38018ef0-117d-57b7-9a58-46c2520858ff","created":"2026-04-21T05:33:23.000Z","modified":"2026-04-21T05:33:23.000Z","valid_from":"2026-04-21T05:33:23.000Z","name":"https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-pdf-weaponizer/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-pdf-weaponizer/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046462279370018941"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a074daf-bc61-5a90-8632-0cc97f421923","created":"2026-04-21T06:54:08.000Z","modified":"2026-04-21T06:54:08.000Z","valid_from":"2026-04-21T06:54:08.000Z","name":"service.accrestorelab.cfd","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'service.accrestorelab.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046482602002166234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5af1f686-056f-57cb-baba-e48ebc2b7d42","created":"2026-04-21T06:54:08.000Z","modified":"2026-04-21T06:54:08.000Z","valid_from":"2026-04-21T06:54:08.000Z","name":"https://service.accrestorelab.cfd/login","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://service.accrestorelab.cfd/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046482602002166234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--250a90c2-2dac-5c6d-b1c9-7e0d16644c4e","created":"2026-04-21T06:54:08.000Z","modified":"2026-04-21T06:54:08.000Z","valid_from":"2026-04-21T06:54:08.000Z","name":"http://104.21.31.154","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.31.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046482602002166234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6905e358-42ba-567f-a5ac-497a4852c5c3","created":"2026-04-21T06:54:08.000Z","modified":"2026-04-21T06:54:08.000Z","valid_from":"2026-04-21T06:54:08.000Z","name":"http://172.67.178.57","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.178.57']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046482602002166234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9720e331-5c24-57a0-9811-522c25204d9f","created":"2026-04-21T07:08:59.000Z","modified":"2026-04-21T07:08:59.000Z","valid_from":"2026-04-21T07:08:59.000Z","name":"pockmark.cfd","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pockmark.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046486337168216379"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--675df8f5-6144-54e6-83d6-2ec8f044a569","created":"2026-04-21T07:08:59.000Z","modified":"2026-04-21T07:08:59.000Z","valid_from":"2026-04-21T07:08:59.000Z","name":"https://www.pockmark.cfd/rn7xIs","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.pockmark.cfd/rn7xIs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046486337168216379"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b74567c-8132-5d4b-a67f-60231cfc811c","created":"2026-04-21T07:08:59.000Z","modified":"2026-04-21T07:08:59.000Z","valid_from":"2026-04-21T07:08:59.000Z","name":"http://104.21.30.219","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.30.219']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046486337168216379"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ecf000e-9bd0-5e0a-80ef-1f906f1e6555","created":"2026-04-21T07:08:59.000Z","modified":"2026-04-21T07:08:59.000Z","valid_from":"2026-04-21T07:08:59.000Z","name":"http://172.67.173.245","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.173.245']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046486337168216379"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b9ae37b-fc32-5343-86e9-bb3839d6ab50","created":"2026-04-21T07:17:12.000Z","modified":"2026-04-21T07:17:12.000Z","valid_from":"2026-04-21T07:17:12.000Z","name":"l-tike-34044mb.armydiller.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'l-tike-34044mb.armydiller.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046488405094396033"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--034d0f11-1514-51d6-8d2e-36a74ea65ce7","created":"2026-04-21T07:17:12.000Z","modified":"2026-04-21T07:17:12.000Z","valid_from":"2026-04-21T07:17:12.000Z","name":"https://l-tike-34044mb.armydiller.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://l-tike-34044mb.armydiller.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046488405094396033"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8aa5ccbe-172c-5e84-87fa-80461451250e","created":"2026-04-21T07:20:53.000Z","modified":"2026-04-21T07:20:53.000Z","valid_from":"2026-04-21T07:20:53.000Z","name":"rezgere.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rezgere.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046489333285400835"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--49e46f4e-cea3-5601-9841-3d828d3490be","created":"2026-04-21T07:20:53.000Z","modified":"2026-04-21T07:20:53.000Z","valid_from":"2026-04-21T07:20:53.000Z","name":"http://rezgere.cn/g1/g/2ds=docomos/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rezgere.cn/g1/g/2ds=docomos/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046489333285400835"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9dda86ef-388e-514d-a809-e03281df0426","created":"2026-04-21T07:20:53.000Z","modified":"2026-04-21T07:20:53.000Z","valid_from":"2026-04-21T07:20:53.000Z","name":"http://165.154.241.56","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://165.154.241.56']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046489333285400835"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d5157a8-e8ed-539a-9013-b47275fe61cc","created":"2026-04-21T07:20:53.000Z","modified":"2026-04-21T07:20:53.000Z","valid_from":"2026-04-21T07:20:53.000Z","name":"165.154.241.56","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.154.241.56']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046489333285400835"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5832e0cd-d3c1-53f7-a936-44aa762cde9a","created":"2026-04-21T07:34:05.000Z","modified":"2026-04-21T07:34:05.000Z","valid_from":"2026-04-21T07:34:05.000Z","name":"mudvolcano.cfd","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mudvolcano.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046492655564333551"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--162ec5db-69fd-50c5-a7f8-78f309ee2186","created":"2026-04-21T07:34:05.000Z","modified":"2026-04-21T07:34:05.000Z","valid_from":"2026-04-21T07:34:05.000Z","name":"https://www.mudvolcano.cfd/myNZ6X","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.mudvolcano.cfd/myNZ6X']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046492655564333551"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a8ed73c-8b68-57c0-8546-4a35de6c8350","created":"2026-04-21T07:34:05.000Z","modified":"2026-04-21T07:34:05.000Z","valid_from":"2026-04-21T07:34:05.000Z","name":"http://172.67.182.59","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.182.59']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046492655564333551"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f346283-e100-5b76-82d6-30bb89e99bc5","created":"2026-04-21T07:34:05.000Z","modified":"2026-04-21T07:34:05.000Z","valid_from":"2026-04-21T07:34:05.000Z","name":"http://104.21.75.214","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.75.214']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2046492655564333551"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--49cac3cd-ccb8-5ebc-a336-cb3d47d7d36f","created":"2026-04-21T08:00:17.000Z","modified":"2026-04-21T08:00:17.000Z","valid_from":"2026-04-21T08:00:17.000Z","name":"3dba86749e67a7d3b1c639eeee1080da","description":"IOC reported by @goldenjackel12 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '3dba86749e67a7d3b1c639eeee1080da']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/goldenjackel12/status/2046499248615952886"}],"labels":["APT","MustangPanda"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2dea5206-916b-576a-8255-17a67b46c925","created":"2026-04-21T08:02:43.000Z","modified":"2026-04-21T08:02:43.000Z","valid_from":"2026-04-21T08:02:43.000Z","name":"8.216.42.38","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.216.42.38']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046499859805376889"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fee5e196-559e-535b-921d-75ef54d0585d","created":"2026-04-21T09:46:22.000Z","modified":"2026-04-21T09:46:22.000Z","valid_from":"2026-04-21T09:46:22.000Z","name":"27b80773a1254dc2d1f30cd03a42de44","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '27b80773a1254dc2d1f30cd03a42de44']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046525945293816279"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d538023b-c2e1-5b42-9cdd-15cda7e5c425","created":"2026-04-21T09:49:14.000Z","modified":"2026-04-21T09:49:14.000Z","valid_from":"2026-04-21T09:49:14.000Z","name":"https://github.com/pd1-pd","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/pd1-pd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046526664709160968"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40fa8a2c-b2aa-511f-a48e-3fdd9d166b05","created":"2026-04-21T09:49:14.000Z","modified":"2026-04-21T09:49:14.000Z","valid_from":"2026-04-21T09:49:14.000Z","name":"https://github.com/ud-pd","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/ud-pd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046526664709160968"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc147ab1-7dac-53af-8de5-62202a3738a5","created":"2026-04-21T09:49:14.000Z","modified":"2026-04-21T09:49:14.000Z","valid_from":"2026-04-21T09:49:14.000Z","name":"7ba15e063adfe25b273f0e1bc72f6772","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '7ba15e063adfe25b273f0e1bc72f6772']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046526664709160968"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd9afb4a-eb0b-54a3-b8b2-43afc4accfb1","created":"2026-04-21T10:51:25.000Z","modified":"2026-04-21T10:51:25.000Z","valid_from":"2026-04-21T10:51:25.000Z","name":"http://146.185.239.43/szCHhhhhhhh/foragefantastic.ps1","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://146.185.239.43/szCHhhhhhhh/foragefantastic.ps1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046542314240147473"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7826d0c-3660-5216-96cf-408dadfa6c7f","created":"2026-04-21T10:51:25.000Z","modified":"2026-04-21T10:51:25.000Z","valid_from":"2026-04-21T10:51:25.000Z","name":"146.185.239.43","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '146.185.239.43']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046542314240147473"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--232fcd91-b158-50eb-ae77-4550c9ad6035","created":"2026-04-21T11:00:19.000Z","modified":"2026-04-21T11:00:19.000Z","valid_from":"2026-04-21T11:00:19.000Z","name":"docshub-secure.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docshub-secure.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046544556603150503"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3baba585-04cb-534a-9374-42e6b4daed85","created":"2026-04-21T11:00:19.000Z","modified":"2026-04-21T11:00:19.000Z","valid_from":"2026-04-21T11:00:19.000Z","name":"http://docshub-secure.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docshub-secure.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046544556603150503"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--769e72fa-d2f0-5fc5-bf3e-afa49564dc9c","created":"2026-04-21T11:22:04.000Z","modified":"2026-04-21T11:22:04.000Z","valid_from":"2026-04-21T11:22:04.000Z","name":"a36ed07532045d9d33f6b1332306378c","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'a36ed07532045d9d33f6b1332306378c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046550028047851954"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf71a836-f765-519f-9457-f53c4d0a88d7","created":"2026-04-21T11:36:14.000Z","modified":"2026-04-21T11:36:14.000Z","valid_from":"2026-04-21T11:36:14.000Z","name":"mmu6.livespacezone.monster","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mmu6.livespacezone.monster']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046553593394721207"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d692b121-9bbb-5b3a-9f58-46b5db1065a1","created":"2026-04-21T11:36:14.000Z","modified":"2026-04-21T11:36:14.000Z","valid_from":"2026-04-21T11:36:14.000Z","name":"https://mmu6.livespacezone.monster/?42e905c0a44e77c530926001fa","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mmu6.livespacezone.monster/?42e905c0a44e77c530926001fa']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046553593394721207"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67b008be-f41d-585e-bc00-cc03ae2b0d52","created":"2026-04-21T11:36:14.000Z","modified":"2026-04-21T11:36:14.000Z","valid_from":"2026-04-21T11:36:14.000Z","name":"7d4ba1ae.loadingminimalverifv1.pages.dev","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '7d4ba1ae.loadingminimalverifv1.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046553593394721207"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7936d604-68dd-58c3-855c-cb484232f1e2","created":"2026-04-21T11:36:14.000Z","modified":"2026-04-21T11:36:14.000Z","valid_from":"2026-04-21T11:36:14.000Z","name":"https://7d4ba1ae.loadingminimalverifv1.pages.dev/?v=a1b4opib&ts=19dafb9b4bf&s=pending","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://7d4ba1ae.loadingminimalverifv1.pages.dev/?v=a1b4opib&ts=19dafb9b4bf&s=pending']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046553593394721207"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3620a03-e971-532a-a46e-115580d802c0","created":"2026-04-21T11:36:14.000Z","modified":"2026-04-21T11:36:14.000Z","valid_from":"2026-04-21T11:36:14.000Z","name":"portstringpge.space","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'portstringpge.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046553593394721207"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fde215df-1fff-5bd1-be5f-e5d84788a447","created":"2026-04-21T11:36:14.000Z","modified":"2026-04-21T11:36:14.000Z","valid_from":"2026-04-21T11:36:14.000Z","name":"http://portstringpge.space/ntr1/clue.r","description":"IOC reported by @muha2xmad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://portstringpge.space/ntr1/clue.r']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/muha2xmad/status/2046553593394721207"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc98f0c1-ccc8-5883-86b4-c5d85ba993db","created":"2026-04-21T12:00:03.000Z","modified":"2026-04-21T12:00:03.000Z","valid_from":"2026-04-21T12:00:03.000Z","name":"sat.gob.com","description":"IOC reported by @tial_cl on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sat.gob.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/tial_cl/status/2046559585553862759"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--309085c2-ac21-505d-ae1d-d6b827377510","created":"2026-04-21T12:00:03.000Z","modified":"2026-04-21T12:00:03.000Z","valid_from":"2026-04-21T12:00:03.000Z","name":"http://sat.gob.com","description":"IOC reported by @tial_cl on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sat.gob.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/tial_cl/status/2046559585553862759"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3aec6fc6-f03a-5659-ab49-a218e2394025","created":"2026-04-21T12:00:03.000Z","modified":"2026-04-21T12:00:03.000Z","valid_from":"2026-04-21T12:00:03.000Z","name":"sternaabogados.com","description":"IOC reported by @tial_cl on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sternaabogados.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/tial_cl/status/2046559585553862759"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f237f355-03d4-5699-ada8-fdd9f88948a7","created":"2026-04-21T12:00:03.000Z","modified":"2026-04-21T12:00:03.000Z","valid_from":"2026-04-21T12:00:03.000Z","name":"http://sternaabogados.com","description":"IOC reported by @tial_cl on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sternaabogados.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/tial_cl/status/2046559585553862759"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--40463c42-e4b2-5bad-8254-cef368fcf617","created":"2026-04-21T12:02:46.000Z","modified":"2026-04-21T12:02:46.000Z","valid_from":"2026-04-21T12:02:46.000Z","name":"ameli-secu.com","description":"IOC reported by @Alopsis on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ameli-secu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Alopsis/status/2046560269657116684"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--648ccbb4-5671-5555-a3f4-63c3dacad828","created":"2026-04-21T12:02:46.000Z","modified":"2026-04-21T12:02:46.000Z","valid_from":"2026-04-21T12:02:46.000Z","name":"https://www.ameli-secu.com","description":"IOC reported by @Alopsis on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.ameli-secu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Alopsis/status/2046560269657116684"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--befe9316-0850-5dd1-b19e-851ba9972e57","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://130.12.180.135:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://130.12.180.135:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--483cd847-c0b7-582a-838b-3ddff7d4e1df","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://144.31.151.223:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.31.151.223:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cab6302-c129-5a85-a119-df512f79b703","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://178.16.54.109:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://178.16.54.109:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b959ae0-253e-5272-8560-df6c99d96467","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://178.16.55.234:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://178.16.55.234:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e905dfcb-03f5-51c1-8d65-e8fe8188c1f9","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://193.24.123.23:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.24.123.23:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c82fe69-a77c-50d9-8e6f-802d2eae3a9a","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://195.160.220.49:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://195.160.220.49:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f36fbc1-8803-5ae6-a469-a1dafa9b3e02","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://209.17.118.17:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://209.17.118.17:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b04793e2-3fc9-5d9a-9d8a-780a9431e842","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://34.225.141.85:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://34.225.141.85:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7712cc1-6ea6-5c76-bc7b-39fda7670696","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://45.151.106.204:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.151.106.204:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9c7463b-1993-5ae3-9cb1-bfc3c30d6e10","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://82.38.96.253:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://82.38.96.253:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b4870bc-c3e5-5051-895e-8e7bb27f4452","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://94.103.91.192:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.103.91.192:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f51f9ce-a33c-59da-9353-aeb86c428622","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://94.26.83.82:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.26.83.82:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aac44e64-fe09-5b7f-869d-677fcecca5ef","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"http://95.179.181.208:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://95.179.181.208:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e8ed9a8-84aa-5bae-b90e-d77dce42cfb2","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"130.12.180.135","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '130.12.180.135']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b2221e3-c9a2-534e-a6d4-23d46fceaadc","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"144.31.151.223","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.31.151.223']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--30bafb95-359d-5913-956a-2b804436a1f3","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"178.16.54.109","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.16.54.109']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5fcd727-d78d-58a8-a108-7b548941712e","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"178.16.55.234","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.16.55.234']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--37457ca2-fe07-5729-aa6e-65d832b4fa62","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"193.24.123.23","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.24.123.23']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ef7e0fb-d695-596f-9d24-18a4be0418ed","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"195.160.220.49","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '195.160.220.49']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--512ddf31-da64-5796-987b-ab7d320eac83","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"209.17.118.17","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '209.17.118.17']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0429baf-371c-56f5-a614-9bf4342139cf","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"34.225.141.85","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.225.141.85']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--501844a4-7670-54f2-a1c6-3e0ee99d8fbd","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"45.151.106.204","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.151.106.204']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fbc0f9c9-ee91-5f13-a232-f61f55e849ac","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"82.38.96.253","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '82.38.96.253']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed358a1a-a5b6-5bf0-96a8-588a38f9a1a6","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"94.103.91.192","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.103.91.192']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ae87e00-5ba7-5b0c-8391-e453ee10f8dd","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"94.26.83.82","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.26.83.82']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3c7e8d1-5ce9-5f6b-a402-f37045d68c81","created":"2026-04-21T12:51:29.000Z","modified":"2026-04-21T12:51:29.000Z","valid_from":"2026-04-21T12:51:29.000Z","name":"95.179.181.208","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '95.179.181.208']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046572531251913108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--78651106-93a3-5798-921d-0ca065acad05","created":"2026-04-21T13:06:36.000Z","modified":"2026-04-21T13:06:36.000Z","valid_from":"2026-04-21T13:06:36.000Z","name":"84905bb61bd007daabfd4498ff73c8a3","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '84905bb61bd007daabfd4498ff73c8a3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046576335234187736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--43993a3c-d595-5809-bd41-d28b82c510fa","created":"2026-04-21T13:37:49.000Z","modified":"2026-04-21T13:37:49.000Z","valid_from":"2026-04-21T13:37:49.000Z","name":"bradesco.ajudanetempresas.info","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bradesco.ajudanetempresas.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046584189768651084"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d3f3741-8716-5c18-b51b-248af3a8f041","created":"2026-04-21T13:37:49.000Z","modified":"2026-04-21T13:37:49.000Z","valid_from":"2026-04-21T13:37:49.000Z","name":"https://bradesco.ajudanetempresas.info/inicio","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bradesco.ajudanetempresas.info/inicio']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046584189768651084"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c89c9a3-d1a0-5680-aec7-be19ea6f8093","created":"2026-04-21T14:09:36.000Z","modified":"2026-04-21T14:09:36.000Z","valid_from":"2026-04-21T14:09:36.000Z","name":"46b1ec2b6a1c9284fa04653188f9a559","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '46b1ec2b6a1c9284fa04653188f9a559']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046592187606220864"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10b97cd6-4ea4-50ac-b88e-f6113db8bf77","created":"2026-04-21T14:09:36.000Z","modified":"2026-04-21T14:09:36.000Z","valid_from":"2026-04-21T14:09:36.000Z","name":"f0c677887d252862fb1d962c73f68912","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'f0c677887d252862fb1d962c73f68912']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046592187606220864"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d20d99d-b82f-59dd-b9e5-0e07966d8870","created":"2026-04-21T14:09:36.000Z","modified":"2026-04-21T14:09:36.000Z","valid_from":"2026-04-21T14:09:36.000Z","name":"af55aa78858a6cee47e5ccab50b79319","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'af55aa78858a6cee47e5ccab50b79319']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046592187606220864"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a45b9ea-6498-5520-b00d-1b9e86dc5c37","created":"2026-04-21T14:09:36.000Z","modified":"2026-04-21T14:09:36.000Z","valid_from":"2026-04-21T14:09:36.000Z","name":"fe884e30188e2a05a0b5a6958bab7104","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'fe884e30188e2a05a0b5a6958bab7104']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046592187606220864"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35e27830-8c1e-53da-be19-bd673113fd86","created":"2026-04-21T14:09:36.000Z","modified":"2026-04-21T14:09:36.000Z","valid_from":"2026-04-21T14:09:36.000Z","name":"29d757d6559b32839efccd8157b293ba","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '29d757d6559b32839efccd8157b293ba']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046592187606220864"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffe6cc41-a168-5076-a868-fe98f30d05a8","created":"2026-04-21T14:41:47.000Z","modified":"2026-04-21T14:41:47.000Z","valid_from":"2026-04-21T14:41:47.000Z","name":"login.zhcn-mobile-haixingsports.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.zhcn-mobile-haixingsports.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046600287302058220"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dff802ea-553f-5ab7-ac39-4061a51381a6","created":"2026-04-21T14:41:47.000Z","modified":"2026-04-21T14:41:47.000Z","valid_from":"2026-04-21T14:41:47.000Z","name":"https://login.zhcn-mobile-haixingsports.com/IRx8pKzBxZW8","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.zhcn-mobile-haixingsports.com/IRx8pKzBxZW8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046600287302058220"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bae1725c-3f40-5a60-9c80-cf01947b195c","created":"2026-04-21T15:03:02.000Z","modified":"2026-04-21T15:03:02.000Z","valid_from":"2026-04-21T15:03:02.000Z","name":"geminicli.co.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'geminicli.co.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2046605636494885329"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--da751896-3a1c-549b-a349-114b3e3e2439","created":"2026-04-21T15:03:02.000Z","modified":"2026-04-21T15:03:02.000Z","valid_from":"2026-04-21T15:03:02.000Z","name":"http://geminicli.co.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://geminicli.co.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2046605636494885329"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--130050a3-bfe9-5f5b-a1ea-76c259fc4fa0","created":"2026-04-21T15:03:02.000Z","modified":"2026-04-21T15:03:02.000Z","valid_from":"2026-04-21T15:03:02.000Z","name":"gemini-setup.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gemini-setup.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2046605636494885329"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c5788f7-98b6-5b20-a101-1aa412a00239","created":"2026-04-21T15:03:02.000Z","modified":"2026-04-21T15:03:02.000Z","valid_from":"2026-04-21T15:03:02.000Z","name":"http://gemini-setup.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gemini-setup.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2046605636494885329"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--869feba0-cbc4-5335-beff-20d926d5a0e7","created":"2026-04-21T15:06:05.000Z","modified":"2026-04-21T15:06:05.000Z","valid_from":"2026-04-21T15:06:05.000Z","name":"pk-mailgov.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pk-mailgov.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046606404136337643"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc847599-15a2-5cab-a803-77aaf091c661","created":"2026-04-21T15:06:05.000Z","modified":"2026-04-21T15:06:05.000Z","valid_from":"2026-04-21T15:06:05.000Z","name":"http://pk-mailgov.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pk-mailgov.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046606404136337643"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0662f9d5-c9c9-5cdf-8f91-39216f5ce315","created":"2026-04-21T15:06:51.000Z","modified":"2026-04-21T15:06:51.000Z","valid_from":"2026-04-21T15:06:51.000Z","name":"login.pc-iqiyisports.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.pc-iqiyisports.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046606595736621510"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6d00503-2637-5359-a807-4a6768cc94e9","created":"2026-04-21T15:06:51.000Z","modified":"2026-04-21T15:06:51.000Z","valid_from":"2026-04-21T15:06:51.000Z","name":"https://login.pc-iqiyisports.com/IJ9IxavNbLob","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.pc-iqiyisports.com/IJ9IxavNbLob']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046606595736621510"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c643df15-e7d7-524f-8237-f70adff58d44","created":"2026-04-21T15:06:51.000Z","modified":"2026-04-21T15:06:51.000Z","valid_from":"2026-04-21T15:06:51.000Z","name":"login.h5-guanjun-sports.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.h5-guanjun-sports.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046606595736621510"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d077ec3b-e2a7-5d92-8e4a-29e227f58c50","created":"2026-04-21T15:06:51.000Z","modified":"2026-04-21T15:06:51.000Z","valid_from":"2026-04-21T15:06:51.000Z","name":"https://login.h5-guanjun-sports.com/tkuD3at8U1Fk","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.h5-guanjun-sports.com/tkuD3at8U1Fk']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046606595736621510"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4c2d0cc-ecc1-5ba8-882b-6d205efed2e4","created":"2026-04-21T15:13:09.000Z","modified":"2026-04-21T15:13:09.000Z","valid_from":"2026-04-21T15:13:09.000Z","name":"https://files.catbox.moe/swbtdq.ps1","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://files.catbox.moe/swbtdq.ps1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2046608181007122909"}],"labels":["Formbook"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83b13fce-72dd-5bd3-8d69-c4dcd5b76fd0","created":"2026-04-21T18:00:04.000Z","modified":"2026-04-21T18:00:04.000Z","valid_from":"2026-04-21T18:00:04.000Z","name":"http://118.194.248.246","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://118.194.248.246']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2046650190183256469"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bd90fee-4a9b-5a80-aeec-b454349593eb","created":"2026-04-21T18:00:04.000Z","modified":"2026-04-21T18:00:04.000Z","valid_from":"2026-04-21T18:00:04.000Z","name":"118.194.248.246","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '118.194.248.246']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2046650190183256469"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f23ba059-fa8f-5420-86fb-953b862f780c","created":"2026-04-21T18:08:49.000Z","modified":"2026-04-21T18:08:49.000Z","valid_from":"2026-04-21T18:08:49.000Z","name":"espaces-primes-resilliation.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'espaces-primes-resilliation.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046652389646533107"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4639d56d-5ab3-5488-a28a-06f9407230b2","created":"2026-04-21T18:08:49.000Z","modified":"2026-04-21T18:08:49.000Z","valid_from":"2026-04-21T18:08:49.000Z","name":"https://espaces-primes-resilliation.com/signin","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://espaces-primes-resilliation.com/signin']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046652389646533107"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe3af13c-6ee4-5bd7-b5ee-3e2d4a5d47a5","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"ntdersg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdersg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72a2c383-4639-5ffe-b87e-844d0b6779ee","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://ntdersg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdersg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48fca930-e598-5abf-942c-d898178d3201","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"n-store.ntdersg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-store.ntdersg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0c42bd5-e1f3-59ed-9a44-3c74b960f153","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://n-store.ntdersg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-store.ntdersg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5470b44c-0596-5fe5-8643-285c1232e63a","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"n-store.nskrm.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-store.nskrm.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c19ce5fe-e073-5c7c-a7ce-61e3d8326ee8","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://n-store.nskrm.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-store.nskrm.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ab38bac-1043-5b54-b87e-99090adcedaf","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"nuser-login.nversg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nuser-login.nversg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39c01985-1ec0-524a-b41e-d464d6dcb710","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://nuser-login.nversg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nuser-login.nversg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--430c53a3-4b54-5f8f-aed4-e94e13bc1662","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"nversg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nversg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3286f7e-245a-5b5d-a976-52361be0ea3c","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://nversg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nversg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77dd4ffb-22f6-5a7b-abb1-c7987c6736f3","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"n-store.nversg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-store.nversg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e0466ec-7704-57ff-8822-480f154814ef","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://n-store.nversg.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-store.nversg.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52fcd180-1c0d-50d6-99bf-c7ae63afc639","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"nlrbin.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nlrbin.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb4b5176-5b5b-5cbd-a930-8bd271ce93d4","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://nlrbin.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nlrbin.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b2e7425-e58b-54bb-bf93-79f92ee16843","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"mdlog.mydns.vc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mdlog.mydns.vc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2503b74-cb30-54b8-ace1-d2f1db06ef26","created":"2026-04-21T18:27:59.000Z","modified":"2026-04-21T18:27:59.000Z","valid_from":"2026-04-21T18:27:59.000Z","name":"http://mdlog.mydns.vc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mdlog.mydns.vc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046657213884743918"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--983c7109-8620-53bf-8a1c-628a82c35a21","created":"2026-04-21T18:41:22.000Z","modified":"2026-04-21T18:41:22.000Z","valid_from":"2026-04-21T18:41:22.000Z","name":"http://197.211.59.59","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://197.211.59.59']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046660582984847706"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b252dd18-4912-52a0-8ebf-c49b2438216a","created":"2026-04-21T18:41:22.000Z","modified":"2026-04-21T18:41:22.000Z","valid_from":"2026-04-21T18:41:22.000Z","name":"197.211.59.59","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '197.211.59.59']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046660582984847706"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f4c885c-425c-55a3-92c4-831ba0658a19","created":"2026-04-21T18:47:21.000Z","modified":"2026-04-21T18:47:21.000Z","valid_from":"2026-04-21T18:47:21.000Z","name":"acbcr.ro","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'acbcr.ro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046662085837308179"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5b74fc0-1e21-5a8c-9e50-42ad332a6395","created":"2026-04-21T18:47:21.000Z","modified":"2026-04-21T18:47:21.000Z","valid_from":"2026-04-21T18:47:21.000Z","name":"http://acbcr.ro/wp-content/update.ps1","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://acbcr.ro/wp-content/update.ps1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046662085837308179"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a765a86b-5884-54a9-bdf0-18cfd0537213","created":"2026-04-21T19:29:20.000Z","modified":"2026-04-21T19:29:20.000Z","valid_from":"2026-04-21T19:29:20.000Z","name":"https://204.76.203.196/sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://204.76.203.196/sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046672653419733380"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--163ce658-588e-5b9d-b48f-e9a84186c88f","created":"2026-04-21T19:29:20.000Z","modified":"2026-04-21T19:29:20.000Z","valid_from":"2026-04-21T19:29:20.000Z","name":"163.5.214.40","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.5.214.40']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046672653419733380"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4450545f-1557-52e7-83bf-177c553d3914","created":"2026-04-21T19:29:20.000Z","modified":"2026-04-21T19:29:20.000Z","valid_from":"2026-04-21T19:29:20.000Z","name":"204.76.203.196","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '204.76.203.196']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046672653419733380"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--25be3ae0-74eb-5dd6-bb9b-28e8c10bb478","created":"2026-04-21T19:41:01.000Z","modified":"2026-04-21T19:41:01.000Z","valid_from":"2026-04-21T19:41:01.000Z","name":"http://219.75.254.166","description":"IOC reported by @bad_packets on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://219.75.254.166']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bad_packets/status/2046675592175640680"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c437d0f1-8746-5244-8714-26a4580d3a88","created":"2026-04-21T19:41:01.000Z","modified":"2026-04-21T19:41:01.000Z","valid_from":"2026-04-21T19:41:01.000Z","name":"219.75.254.166","description":"IOC reported by @bad_packets on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '219.75.254.166']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bad_packets/status/2046675592175640680"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--13fd11ec-da66-5d2d-ada5-0461a2a13e41","created":"2026-04-21T21:15:00.000Z","modified":"2026-04-21T21:15:00.000Z","valid_from":"2026-04-21T21:15:00.000Z","name":"meet-googles.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meet-googles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046699243935556090"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60d14320-99bb-5832-84fc-bd63e2d37b17","created":"2026-04-21T21:15:00.000Z","modified":"2026-04-21T21:15:00.000Z","valid_from":"2026-04-21T21:15:00.000Z","name":"https://meet-googles.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://meet-googles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046699243935556090"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc32b792-ff34-55a1-ae51-3477c84c55d9","created":"2026-04-21T21:15:00.000Z","modified":"2026-04-21T21:15:00.000Z","valid_from":"2026-04-21T21:15:00.000Z","name":"facetime-video-calling.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'facetime-video-calling.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046699243935556090"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0577708-5ba3-5c97-bdaa-bbe7080de870","created":"2026-04-21T21:15:00.000Z","modified":"2026-04-21T21:15:00.000Z","valid_from":"2026-04-21T21:15:00.000Z","name":"https://facetime-video-calling.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://facetime-video-calling.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046699243935556090"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--146741ba-4d12-5b00-96c6-0af3585b9b24","created":"2026-04-21T22:15:39.000Z","modified":"2026-04-21T22:15:39.000Z","valid_from":"2026-04-21T22:15:39.000Z","name":"34.235.170.239","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.235.170.239']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2046714508291309818"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd26be2f-9105-598f-b1b4-dcb79131886b","created":"2026-04-22T02:48:51.000Z","modified":"2026-04-22T02:48:51.000Z","valid_from":"2026-04-22T02:48:51.000Z","name":"rexlina.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rexlina.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046783261033242766"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7781a626-9c83-5157-8e73-ef086157ec7d","created":"2026-04-22T02:48:51.000Z","modified":"2026-04-22T02:48:51.000Z","valid_from":"2026-04-22T02:48:51.000Z","name":"https://rexlina.com/jp/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rexlina.com/jp/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046783261033242766"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--824e4a2f-a181-51a7-9747-8bf47a8bdabd","created":"2026-04-22T02:53:54.000Z","modified":"2026-04-22T02:53:54.000Z","valid_from":"2026-04-22T02:53:54.000Z","name":"www2-pay.body-yoozhibo.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www2-pay.body-yoozhibo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046784532712677650"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f703ccd6-a15c-55ac-942d-4b0e66e969ef","created":"2026-04-22T02:53:54.000Z","modified":"2026-04-22T02:53:54.000Z","valid_from":"2026-04-22T02:53:54.000Z","name":"https://www2-pay.body-yoozhibo.com/f3UF9eZagpvqn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www2-pay.body-yoozhibo.com/f3UF9eZagpvqn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046784532712677650"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae1e12a3-def7-5463-a5d1-85fc79974d61","created":"2026-04-22T03:44:09.000Z","modified":"2026-04-22T03:44:09.000Z","valid_from":"2026-04-22T03:44:09.000Z","name":"http://102.89.40.154","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://102.89.40.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046797178249658432"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--507c61d6-a077-5e13-97ff-4226142b0c23","created":"2026-04-22T03:44:09.000Z","modified":"2026-04-22T03:44:09.000Z","valid_from":"2026-04-22T03:44:09.000Z","name":"102.89.40.154","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '102.89.40.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046797178249658432"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--796e3dd6-6b50-5874-9d66-1f243ecdccfe","created":"2026-04-22T04:21:23.000Z","modified":"2026-04-22T04:21:23.000Z","valid_from":"2026-04-22T04:21:23.000Z","name":"31.57.201.126","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.57.201.126']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2046806549813989463"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2d9cd09-7708-5361-ab68-4aafe6632379","created":"2026-04-22T05:45:45.000Z","modified":"2026-04-22T05:45:45.000Z","valid_from":"2026-04-22T05:45:45.000Z","name":"3f4221dacc105466932db94b9b210b84","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '3f4221dacc105466932db94b9b210b84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2046827780952789189"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd72e524-0428-5b9f-8e6f-7039c4bfd011","created":"2026-04-22T06:42:04.000Z","modified":"2026-04-22T06:42:04.000Z","valid_from":"2026-04-22T06:42:04.000Z","name":"www-pay.zh-cng-28circle.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www-pay.zh-cng-28circle.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046841950725361882"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34c9b59a-c1ea-540c-a5b4-3521d92c0399","created":"2026-04-22T06:42:04.000Z","modified":"2026-04-22T06:42:04.000Z","valid_from":"2026-04-22T06:42:04.000Z","name":"https://www-pay.zh-cng-28circle.com/pJB4q6rZR6MQ","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www-pay.zh-cng-28circle.com/pJB4q6rZR6MQ']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046841950725361882"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--801bf104-4af6-5c4d-bcc3-62c51fe15a26","created":"2026-04-22T06:42:04.000Z","modified":"2026-04-22T06:42:04.000Z","valid_from":"2026-04-22T06:42:04.000Z","name":"www2-pay.cnapp-qiuyou.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www2-pay.cnapp-qiuyou.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046841950725361882"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b40eda9-2663-5943-9020-9be7e173862b","created":"2026-04-22T06:42:04.000Z","modified":"2026-04-22T06:42:04.000Z","valid_from":"2026-04-22T06:42:04.000Z","name":"https://www2-pay.cnapp-qiuyou.com/pJ78DYXooavv","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www2-pay.cnapp-qiuyou.com/pJ78DYXooavv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046841950725361882"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b08797b7-f143-57dd-83a8-3be9663e059c","created":"2026-04-22T06:59:50.000Z","modified":"2026-04-22T06:59:50.000Z","valid_from":"2026-04-22T06:59:50.000Z","name":"34.129.172.11","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.129.172.11']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046846421265993990"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--282463f7-4f4d-5c7a-bf94-d6f82e783415","created":"2026-04-22T07:01:16.000Z","modified":"2026-04-22T07:01:16.000Z","valid_from":"2026-04-22T07:01:16.000Z","name":"09f402a02b615dcd14786aaa840db0a2","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '09f402a02b615dcd14786aaa840db0a2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046846784509473162"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1549eb25-90d4-5e77-a9b7-2c732fdecce9","created":"2026-04-22T07:01:16.000Z","modified":"2026-04-22T07:01:16.000Z","valid_from":"2026-04-22T07:01:16.000Z","name":"1b39fce74193dd2cd5c36b2f8b626273","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '1b39fce74193dd2cd5c36b2f8b626273']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046846784509473162"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4af556e-86ef-53eb-8fae-98931c60528d","created":"2026-04-22T07:01:16.000Z","modified":"2026-04-22T07:01:16.000Z","valid_from":"2026-04-22T07:01:16.000Z","name":"2156c270ffe8e4b23b67efed191b9737","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '2156c270ffe8e4b23b67efed191b9737']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046846784509473162"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--53c8d0a7-c248-5931-a05e-d331fa08076d","created":"2026-04-22T07:16:37.000Z","modified":"2026-04-22T07:16:37.000Z","valid_from":"2026-04-22T07:16:37.000Z","name":"83.142.209.13","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '83.142.209.13']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2046850646859542800"}],"labels":["Sliver","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3ecd7dd-ffdb-5d00-94d6-62b2604b50f9","created":"2026-04-22T07:16:37.000Z","modified":"2026-04-22T07:16:37.000Z","valid_from":"2026-04-22T07:16:37.000Z","name":"35204d0ba3485eb4f0f8104a218e71526d152679f97e65ac878ffb2552f41896","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '35204d0ba3485eb4f0f8104a218e71526d152679f97e65ac878ffb2552f41896']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2046850646859542800"}],"labels":["Sliver","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56ded3db-2ef9-5570-8342-906b060d7302","created":"2026-04-22T07:16:37.000Z","modified":"2026-04-22T07:16:37.000Z","valid_from":"2026-04-22T07:16:37.000Z","name":"b0e328a131e4d679e9b268552db99ca2d46051b9205a67f9b7f7c1628983daae","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'b0e328a131e4d679e9b268552db99ca2d46051b9205a67f9b7f7c1628983daae']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2046850646859542800"}],"labels":["Sliver","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab893895-9526-597d-8597-94a3aaa432d5","created":"2026-04-22T07:34:16.000Z","modified":"2026-04-22T07:34:16.000Z","valid_from":"2026-04-22T07:34:16.000Z","name":"http://178.16.54.109","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://178.16.54.109']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2046855089554686312"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d538023b-c2e1-5b42-9cdd-15cda7e5c425","created":"2026-04-22T07:34:45.000Z","modified":"2026-04-22T07:34:45.000Z","valid_from":"2026-04-22T07:34:45.000Z","name":"https://github.com/pd1-pd","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/pd1-pd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046855211277602891"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40fa8a2c-b2aa-511f-a48e-3fdd9d166b05","created":"2026-04-22T07:34:45.000Z","modified":"2026-04-22T07:34:45.000Z","valid_from":"2026-04-22T07:34:45.000Z","name":"https://github.com/ud-pd","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/ud-pd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046855211277602891"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2641ff5-acbf-543c-ba47-1132007d9b27","created":"2026-04-22T07:34:45.000Z","modified":"2026-04-22T07:34:45.000Z","valid_from":"2026-04-22T07:34:45.000Z","name":"b767fffe836804aaaa8a7656e842a86b","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'b767fffe836804aaaa8a7656e842a86b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046855211277602891"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--419270de-bd70-5f3d-85b6-20ace95eae44","created":"2026-04-22T07:37:05.000Z","modified":"2026-04-22T07:37:05.000Z","valid_from":"2026-04-22T07:37:05.000Z","name":"dad7c1bf9f1c81526c82638a23f09ce8ef9c3c7515150875e318d5851e7d7866","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'dad7c1bf9f1c81526c82638a23f09ce8ef9c3c7515150875e318d5851e7d7866']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2046855798563774805"}],"labels":["malware","opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0272a8d3-3300-5e8a-ab03-c422c171d407","created":"2026-04-22T08:50:17.000Z","modified":"2026-04-22T08:50:17.000Z","valid_from":"2026-04-22T08:50:17.000Z","name":"casatua-srl.it","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'casatua-srl.it']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046874219741319460"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bc090c5-a6ff-56af-ac95-5260a491f25d","created":"2026-04-22T08:50:17.000Z","modified":"2026-04-22T08:50:17.000Z","valid_from":"2026-04-22T08:50:17.000Z","name":"https://www.casatua-srl.it/category/nest-s/","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.casatua-srl.it/category/nest-s/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046874219741319460"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3596956-04e9-52fb-8b2f-514f4079d00e","created":"2026-04-22T08:50:17.000Z","modified":"2026-04-22T08:50:17.000Z","valid_from":"2026-04-22T08:50:17.000Z","name":"31.11.36.56","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.11.36.56']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2046874219741319460"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c193f364-2585-5251-858e-dc60bb628801","created":"2026-04-22T09:42:07.000Z","modified":"2026-04-22T09:42:07.000Z","valid_from":"2026-04-22T09:42:07.000Z","name":"0d1879f7ccf9b714809cd3f199c478e1","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '0d1879f7ccf9b714809cd3f199c478e1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046887262550700043"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a5873ca-2bcf-527e-903b-1659d5dcfc89","created":"2026-04-22T10:20:13.000Z","modified":"2026-04-22T10:20:13.000Z","valid_from":"2026-04-22T10:20:13.000Z","name":"http://85.239.144.4:6600/bsg5s7fn/cloudflareagent_2.msi","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://85.239.144.4:6600/bsg5s7fn/cloudflareagent_2.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046896849177416025"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9974bff0-e984-5112-bbc6-bec1836b6e70","created":"2026-04-22T10:20:13.000Z","modified":"2026-04-22T10:20:13.000Z","valid_from":"2026-04-22T10:20:13.000Z","name":"85.239.144.4","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.239.144.4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046896849177416025"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--352c6edf-1e35-5ff3-b019-d8dfcf1ff64a","created":"2026-04-22T10:48:22.000Z","modified":"2026-04-22T10:48:22.000Z","valid_from":"2026-04-22T10:48:22.000Z","name":"9ccf47da8f2175e0add22d45a40826c7","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '9ccf47da8f2175e0add22d45a40826c7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046903934313468382"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3fabb97-8625-582c-9e5b-c2f3ca73ae95","created":"2026-04-22T11:06:56.000Z","modified":"2026-04-22T11:06:56.000Z","valid_from":"2026-04-22T11:06:56.000Z","name":"be0ad849e3bbc533515e172f9148dda9","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'be0ad849e3bbc533515e172f9148dda9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046908608945000918"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83b13fce-72dd-5bd3-8d69-c4dcd5b76fd0","created":"2026-04-22T11:22:28.000Z","modified":"2026-04-22T11:22:28.000Z","valid_from":"2026-04-22T11:22:28.000Z","name":"http://118.194.248.246","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://118.194.248.246']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046912517738201496"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bd90fee-4a9b-5a80-aeec-b454349593eb","created":"2026-04-22T11:22:28.000Z","modified":"2026-04-22T11:22:28.000Z","valid_from":"2026-04-22T11:22:28.000Z","name":"118.194.248.246","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '118.194.248.246']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046912517738201496"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5d84bf9-6b02-57dc-94bc-bbfea0099af0","created":"2026-04-22T11:49:23.000Z","modified":"2026-04-22T11:49:23.000Z","valid_from":"2026-04-22T11:49:23.000Z","name":"4db0c13dbd77c988666490be9537cbe7","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '4db0c13dbd77c988666490be9537cbe7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2046919291107459496"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc676720-ca80-576e-b049-927571ec5b85","created":"2026-04-22T12:03:10.000Z","modified":"2026-04-22T12:03:10.000Z","valid_from":"2026-04-22T12:03:10.000Z","name":"existadigital.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'existadigital.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046922757406138541"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51b01898-388d-596e-afbf-b3c6e8eb3784","created":"2026-04-22T12:03:10.000Z","modified":"2026-04-22T12:03:10.000Z","valid_from":"2026-04-22T12:03:10.000Z","name":"https://existadigital.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://existadigital.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046922757406138541"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4d3a5b4-2a1e-5082-b916-486383867054","created":"2026-04-22T12:03:10.000Z","modified":"2026-04-22T12:03:10.000Z","valid_from":"2026-04-22T12:03:10.000Z","name":"http://existadigital.com/rss/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://existadigital.com/rss/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046922757406138541"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2de9f87f-eeda-5350-a2f3-a3305832200c","created":"2026-04-22T12:03:10.000Z","modified":"2026-04-22T12:03:10.000Z","valid_from":"2026-04-22T12:03:10.000Z","name":"http://existadigital.com/rsv/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://existadigital.com/rsv/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2046922757406138541"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad055fe7-5ccc-526c-b4fb-3f5325adbf20","created":"2026-04-22T12:22:50.000Z","modified":"2026-04-22T12:22:50.000Z","valid_from":"2026-04-22T12:22:50.000Z","name":"admin.booking.com-complete-captcha.info","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'admin.booking.com-complete-captcha.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2046927710484566298"}],"labels":["ClickFix","HijackLoader"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e7ac48f-32ff-541a-bee2-8b553fdeb076","created":"2026-04-22T12:22:50.000Z","modified":"2026-04-22T12:22:50.000Z","valid_from":"2026-04-22T12:22:50.000Z","name":"https://admin.booking.com-complete-captcha.info","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://admin.booking.com-complete-captcha.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2046927710484566298"}],"labels":["ClickFix","HijackLoader"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3bf0dd3-8804-5507-918d-f490f93b443c","created":"2026-04-22T12:22:50.000Z","modified":"2026-04-22T12:22:50.000Z","valid_from":"2026-04-22T12:22:50.000Z","name":"lkgkdsjd.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lkgkdsjd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2046927710484566298"}],"labels":["ClickFix","HijackLoader"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a095997c-f888-5a32-93ef-f32416695a5d","created":"2026-04-22T12:22:50.000Z","modified":"2026-04-22T12:22:50.000Z","valid_from":"2026-04-22T12:22:50.000Z","name":"https://lkgkdsjd.com/s.php","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lkgkdsjd.com/s.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2046927710484566298"}],"labels":["ClickFix","HijackLoader"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d9bc54e-452d-5215-a5f2-43a2a4e13b6f","created":"2026-04-22T12:55:52.000Z","modified":"2026-04-22T12:55:52.000Z","valid_from":"2026-04-22T12:55:52.000Z","name":"http://104.234.63.187:1902/Arquivo.dll","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.234.63.187:1902/Arquivo.dll']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046936022827573276"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ea1734f-fa30-5bdc-8abf-7bf960fa15b3","created":"2026-04-22T12:55:52.000Z","modified":"2026-04-22T12:55:52.000Z","valid_from":"2026-04-22T12:55:52.000Z","name":"104.234.63.187","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.234.63.187']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046936022827573276"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb4db20b-a575-521e-9801-164e851b341c","created":"2026-04-22T14:00:16.000Z","modified":"2026-04-22T14:00:16.000Z","valid_from":"2026-04-22T14:00:16.000Z","name":"https://lkgkdsjd.com/jpn.7z","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lkgkdsjd.com/jpn.7z']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046952227726577792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--36c5173f-838d-535a-978d-b5ec28786ab5","created":"2026-04-22T14:12:30.000Z","modified":"2026-04-22T14:12:30.000Z","valid_from":"2026-04-22T14:12:30.000Z","name":"momentum-effects-anderson-conferencing.trycloudflare.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'momentum-effects-anderson-conferencing.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2046955307524329828"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2999259-31e6-5794-a191-2a323adc31d1","created":"2026-04-22T14:12:30.000Z","modified":"2026-04-22T14:12:30.000Z","valid_from":"2026-04-22T14:12:30.000Z","name":"https://momentum-effects-anderson-conferencing.trycloudflare.com/login","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://momentum-effects-anderson-conferencing.trycloudflare.com/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2046955307524329828"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f3bee86-432e-53d7-8ab6-5eab75fb4afc","created":"2026-04-22T14:48:46.000Z","modified":"2026-04-22T14:48:46.000Z","valid_from":"2026-04-22T14:48:46.000Z","name":"20.198.18.136","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '20.198.18.136']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2046964434719953371"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fd423ed-81dd-5c90-b255-9b366d3cb777","created":"2026-04-22T14:59:43.000Z","modified":"2026-04-22T14:59:43.000Z","valid_from":"2026-04-22T14:59:43.000Z","name":"94.26.90.139","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.26.90.139']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2046967188146495761"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f0f51f5-4f3d-5c16-8967-0de055fe3780","created":"2026-04-22T14:59:43.000Z","modified":"2026-04-22T14:59:43.000Z","valid_from":"2026-04-22T14:59:43.000Z","name":"4ec1a103a2159ae55b4d075828b80c85ed6467c73457c969b725c19b0758f5d3","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '4ec1a103a2159ae55b4d075828b80c85ed6467c73457c969b725c19b0758f5d3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2046967188146495761"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--591d4e61-df27-52af-8222-c52f114d3c6d","created":"2026-04-22T15:10:32.000Z","modified":"2026-04-22T15:10:32.000Z","valid_from":"2026-04-22T15:10:32.000Z","name":"zezvpyk.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zezvpyk.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046969910707023972"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecad0f54-3f13-5bb7-b0f8-2da10af3ef1f","created":"2026-04-22T15:10:32.000Z","modified":"2026-04-22T15:10:32.000Z","valid_from":"2026-04-22T15:10:32.000Z","name":"https://zezvpyk.cn/g1/w2/g2/dw=dianlis/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zezvpyk.cn/g1/w2/g2/dw=dianlis/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2046969910707023972"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c90ad352-b025-533a-848b-49ce94b9c0ac","created":"2026-04-22T15:25:14.000Z","modified":"2026-04-22T15:25:14.000Z","valid_from":"2026-04-22T15:25:14.000Z","name":"http://23.94.252.145/share/","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://23.94.252.145/share/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046973613165654419"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--402165ca-5525-56b8-9cbe-7da0c4c59cca","created":"2026-04-22T15:25:14.000Z","modified":"2026-04-22T15:25:14.000Z","valid_from":"2026-04-22T15:25:14.000Z","name":"23.94.252.145","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '23.94.252.145']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2046973613165654419"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c4b234f-c5bd-5f4e-96c6-0d95afb60180","created":"2026-04-22T15:53:23.000Z","modified":"2026-04-22T15:53:23.000Z","valid_from":"2026-04-22T15:53:23.000Z","name":"da4c156e240ba254f2a88ecd980cc5c1410814745ac08ddc68abb2d19eff277c","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'da4c156e240ba254f2a88ecd980cc5c1410814745ac08ddc68abb2d19eff277c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2046980694446837968"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9da1676a-0b15-5752-81cf-b8aa22a60c01","created":"2026-04-22T15:56:04.000Z","modified":"2026-04-22T15:56:04.000Z","valid_from":"2026-04-22T15:56:04.000Z","name":"www-pay.mobile-tiantianyingqiu.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www-pay.mobile-tiantianyingqiu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2046981371567145324"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4084758-983f-58b9-b3f7-e5c5e261d29b","created":"2026-04-22T15:56:04.000Z","modified":"2026-04-22T15:56:04.000Z","valid_from":"2026-04-22T15:56:04.000Z","name":"https://www-pay.mobile-tiantianyingqiu.com/5p4x1uq2","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www-pay.mobile-tiantianyingqiu.com/5p4x1uq2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2046981371567145324"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ed74f70-4ac3-514b-a05d-0e13e9d2d9f3","created":"2026-04-22T18:00:04.000Z","modified":"2026-04-22T18:00:04.000Z","valid_from":"2026-04-22T18:00:04.000Z","name":"nhls.o-r.kr","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhls.o-r.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047012577616761008"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bcdec6cb-78df-5c83-8cb0-b785b81803ed","created":"2026-04-22T18:00:04.000Z","modified":"2026-04-22T18:00:04.000Z","valid_from":"2026-04-22T18:00:04.000Z","name":"http://nhls.o-r.kr","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhls.o-r.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047012577616761008"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30d13d9a-20df-5f66-b86d-f2e8f16c0463","created":"2026-04-22T18:00:04.000Z","modified":"2026-04-22T18:00:04.000Z","valid_from":"2026-04-22T18:00:04.000Z","name":"http://163.245.215.46","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://163.245.215.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047012577616761008"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31757c9b-791e-52a5-8424-d411f57cbb59","created":"2026-04-22T18:00:04.000Z","modified":"2026-04-22T18:00:04.000Z","valid_from":"2026-04-22T18:00:04.000Z","name":"163.245.215.46","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.245.215.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047012577616761008"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a44ed6d-fcb8-5a81-930c-dc8feedf67a6","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"n-corp.ipsmkt.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-corp.ipsmkt.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10ad755b-114a-5a20-ab84-d6ddc84cdf86","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://n-corp.ipsmkt.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-corp.ipsmkt.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec222a26-e11e-5383-9a3d-bb02a5904bb0","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"nwlogn.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nwlogn.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3bd115e-07a6-534f-8730-a0fff20d549e","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://nwlogn.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nwlogn.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc5daa05-f7c1-52ef-8118-4525506ac64a","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"nid-user.taxalert.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-user.taxalert.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3ed0378-6420-5aa8-8cc3-15bd4cabd224","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://nid-user.taxalert.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-user.taxalert.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f2addd7-9e7c-5d5a-b75a-0fe4459ad4cf","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"lgtax.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lgtax.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc09c9ba-7e60-5561-9e15-a63aa6475792","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://lgtax.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lgtax.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--559ffc91-2a8d-5c82-8177-e01847d8fc35","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"bigdeal.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bigdeal.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bd6cc3a-2eb3-586a-9c39-593e219f39e9","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://bigdeal.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bigdeal.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9822ce72-904f-5daa-a174-8190ed3970a1","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"reloguser2.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'reloguser2.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72c426d5-6336-58c2-9476-76c6773804e1","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://reloguser2.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://reloguser2.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--09570e70-ef1d-5101-bf43-2fbd8cb7a047","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"msapw.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'msapw.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b92d8d68-1dce-5bb5-9681-63edbae880c0","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://msapw.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://msapw.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70fc5b23-a7ce-58e0-86de-270560e8e873","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"nuser-login.nversf.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nuser-login.nversf.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5de9a3d-1d78-5c98-b2e0-2f44fa54fe36","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://nuser-login.nversf.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nuser-login.nversf.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af1e1026-00cb-5060-b8fa-35abf6d0843e","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"n-corp.mvtsl.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-corp.mvtsl.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4dc4953b-b5b9-5cb4-aaf6-b5cd29a5c332","created":"2026-04-22T18:35:27.000Z","modified":"2026-04-22T18:35:27.000Z","valid_from":"2026-04-22T18:35:27.000Z","name":"http://n-corp.mvtsl.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-corp.mvtsl.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047021479523496153"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5083c65-581e-50a9-a1b2-2b5e8b9d9eb4","created":"2026-04-22T19:16:26.000Z","modified":"2026-04-22T19:16:26.000Z","valid_from":"2026-04-22T19:16:26.000Z","name":"DropCatch.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'DropCatch.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047031793061069073"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--428925c6-e70f-5ea8-9818-09a1770762cd","created":"2026-04-22T19:16:26.000Z","modified":"2026-04-22T19:16:26.000Z","valid_from":"2026-04-22T19:16:26.000Z","name":"https://www.DropCatch.com/domain/owfield.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.DropCatch.com/domain/owfield.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047031793061069073"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af757a50-e128-531c-9e67-25b539548374","created":"2026-04-22T19:56:14.000Z","modified":"2026-04-22T19:56:14.000Z","valid_from":"2026-04-22T19:56:14.000Z","name":"178.16.55.178","description":"IOC reported by @Alopsis on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.16.55.178']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Alopsis/status/2047041811999269373"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--146741ba-4d12-5b00-96c6-0af3585b9b24","created":"2026-04-22T20:25:39.000Z","modified":"2026-04-22T20:25:39.000Z","valid_from":"2026-04-22T20:25:39.000Z","name":"34.235.170.239","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.235.170.239']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2047049212366336473"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fb13ec9-4b6d-546f-b4df-4d49947a0fcd","created":"2026-04-22T20:36:51.000Z","modified":"2026-04-22T20:36:51.000Z","valid_from":"2026-04-22T20:36:51.000Z","name":"intelligent-std-lending-dark.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'intelligent-std-lending-dark.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047052031785873614"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--124960d7-ed39-53e0-ae04-1fdb7501a0c7","created":"2026-04-22T20:36:51.000Z","modified":"2026-04-22T20:36:51.000Z","valid_from":"2026-04-22T20:36:51.000Z","name":"http://intelligent-std-lending-dark.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://intelligent-std-lending-dark.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047052031785873614"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--49ba96e8-e28d-5e36-85d6-2c9267bd2825","created":"2026-04-22T20:40:23.000Z","modified":"2026-04-22T20:40:23.000Z","valid_from":"2026-04-22T20:40:23.000Z","name":"defence-communist-albums-desert.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'defence-communist-albums-desert.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047052920525316427"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dbe21e73-02ef-539f-ac43-9deb91fcd787","created":"2026-04-22T20:40:23.000Z","modified":"2026-04-22T20:40:23.000Z","valid_from":"2026-04-22T20:40:23.000Z","name":"https://defence-communist-albums-desert.trycloudflare.com/api/beacon","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://defence-communist-albums-desert.trycloudflare.com/api/beacon']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047052920525316427"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--09b85c03-9ea7-5b5d-b5e5-3679c5668aca","created":"2026-04-22T22:05:20.000Z","modified":"2026-04-22T22:05:20.000Z","valid_from":"2026-04-22T22:05:20.000Z","name":"http://42.224.2.129:53615/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://42.224.2.129:53615/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2047074299761041677"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--94feda4c-f8c8-5291-8737-6bdda6674011","created":"2026-04-22T22:05:20.000Z","modified":"2026-04-22T22:05:20.000Z","valid_from":"2026-04-22T22:05:20.000Z","name":"42.224.2.129","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '42.224.2.129']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2047074299761041677"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c952a84-0cfb-5a9d-a3af-b459093ad429","created":"2026-04-22T22:44:40.000Z","modified":"2026-04-22T22:44:40.000Z","valid_from":"2026-04-22T22:44:40.000Z","name":"jogador-346433389908.southamerica-east1.run.app","description":"IOC reported by @ankh_corp on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jogador-346433389908.southamerica-east1.run.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ankh_corp/status/2047084200281395553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24bef749-6703-594a-b9b1-0fdbe6cbfc12","created":"2026-04-22T22:44:40.000Z","modified":"2026-04-22T22:44:40.000Z","valid_from":"2026-04-22T22:44:40.000Z","name":"https://jogador-346433389908.southamerica-east1.run.app","description":"IOC reported by @ankh_corp on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jogador-346433389908.southamerica-east1.run.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ankh_corp/status/2047084200281395553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--555b8fd8-21c7-590d-906f-a76e18c45d82","created":"2026-04-22T22:44:40.000Z","modified":"2026-04-22T22:44:40.000Z","valid_from":"2026-04-22T22:44:40.000Z","name":"pedagiodigital-automatico.com","description":"IOC reported by @ankh_corp on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pedagiodigital-automatico.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ankh_corp/status/2047084200281395553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--06896399-f281-5417-bdfc-6ac937c36424","created":"2026-04-22T22:44:40.000Z","modified":"2026-04-22T22:44:40.000Z","valid_from":"2026-04-22T22:44:40.000Z","name":"http://pedagiodigital-automatico.com","description":"IOC reported by @ankh_corp on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pedagiodigital-automatico.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ankh_corp/status/2047084200281395553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8dcfec81-72d9-54e3-8c51-7d00b67a54ef","created":"2026-04-22T22:59:56.000Z","modified":"2026-04-22T22:59:56.000Z","valid_from":"2026-04-22T22:59:56.000Z","name":"dns1.afeeshost.ltd","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dns1.afeeshost.ltd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2047088041383100492"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be9f9798-7224-56e0-b229-b24888abf965","created":"2026-04-22T22:59:56.000Z","modified":"2026-04-22T22:59:56.000Z","valid_from":"2026-04-22T22:59:56.000Z","name":"http://dns1.afeeshost.ltd","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dns1.afeeshost.ltd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2047088041383100492"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15706742-f8ad-5e85-92c3-3f39e6acc743","created":"2026-04-22T22:59:56.000Z","modified":"2026-04-22T22:59:56.000Z","valid_from":"2026-04-22T22:59:56.000Z","name":"dns2.afeeshost.ltd","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dns2.afeeshost.ltd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2047088041383100492"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48439473-7572-5e8b-bff6-7cfbe4ce8ac0","created":"2026-04-22T22:59:56.000Z","modified":"2026-04-22T22:59:56.000Z","valid_from":"2026-04-22T22:59:56.000Z","name":"http://dns2.afeeshost.ltd","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dns2.afeeshost.ltd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2047088041383100492"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0540133e-166b-55dd-bb5f-357b4ba0e9e7","created":"2026-04-22T22:59:56.000Z","modified":"2026-04-22T22:59:56.000Z","valid_from":"2026-04-22T22:59:56.000Z","name":"dns3.afeeshost.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dns3.afeeshost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2047088041383100492"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d26bf661-6fd8-5b90-b507-a72104df1247","created":"2026-04-22T22:59:56.000Z","modified":"2026-04-22T22:59:56.000Z","valid_from":"2026-04-22T22:59:56.000Z","name":"http://dns3.afeeshost.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dns3.afeeshost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2047088041383100492"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--555b8fd8-21c7-590d-906f-a76e18c45d82","created":"2026-04-23T00:09:03.000Z","modified":"2026-04-23T00:09:03.000Z","valid_from":"2026-04-23T00:09:03.000Z","name":"pedagiodigital-automatico.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pedagiodigital-automatico.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047105433081397411"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--06896399-f281-5417-bdfc-6ac937c36424","created":"2026-04-23T00:09:03.000Z","modified":"2026-04-23T00:09:03.000Z","valid_from":"2026-04-23T00:09:03.000Z","name":"http://pedagiodigital-automatico.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pedagiodigital-automatico.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047105433081397411"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c31157b-0f13-5f6c-9af7-0a4cfd3ef243","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"onlinemediascifras.lat","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'onlinemediascifras.lat']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce40c651-6f74-5e25-84af-c3849a756b79","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"https://onlinemediascifras.lat","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://onlinemediascifras.lat']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af07f3fb-742d-5ea1-9738-460553f3a31a","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"bcondinoclientes.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bcondinoclientes.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a57f2485-13c8-5a3f-bf08-5998b1ac79d0","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"https://bcondinoclientes.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bcondinoclientes.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c28b7ba-5bdc-5e5f-b2de-1d662cc1f959","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"abc-acessoseguro.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'abc-acessoseguro.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a256a9e-35cc-5bd7-9e6a-77dffbc7bb5c","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"https://www.abc-acessoseguro.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.abc-acessoseguro.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1260e21-6de4-5485-a580-a9830c623c5f","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"de-kunden-sicherheit.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'de-kunden-sicherheit.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--958c33ef-6269-5c2e-8647-6631566660df","created":"2026-04-23T00:14:33.000Z","modified":"2026-04-23T00:14:33.000Z","valid_from":"2026-04-23T00:14:33.000Z","name":"https://de-kunden-sicherheit.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://de-kunden-sicherheit.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2047106819974169055"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7b38528-d882-5054-8db5-febb9d7b054e","created":"2026-04-23T00:46:26.000Z","modified":"2026-04-23T00:46:26.000Z","valid_from":"2026-04-23T00:46:26.000Z","name":"macclean-storage.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'macclean-storage.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047114841899626502"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc9cb5cd-d1e6-5449-bfdf-5ceabc166aea","created":"2026-04-23T00:46:26.000Z","modified":"2026-04-23T00:46:26.000Z","valid_from":"2026-04-23T00:46:26.000Z","name":"http://macclean-storage.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://macclean-storage.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047114841899626502"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--649ac9b2-9ab1-5265-a3f0-9d96bd1f9ed7","created":"2026-04-23T00:46:26.000Z","modified":"2026-04-23T00:46:26.000Z","valid_from":"2026-04-23T00:46:26.000Z","name":"arkypc.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arkypc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047114841899626502"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71d16e4d-3d39-57f4-93f7-7fc35934ee0c","created":"2026-04-23T00:46:26.000Z","modified":"2026-04-23T00:46:26.000Z","valid_from":"2026-04-23T00:46:26.000Z","name":"http://arkypc.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arkypc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047114841899626502"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8ae0c20-4541-5059-908d-dae5a57067d1","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"additioniqqwu.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'additioniqqwu.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9aa22df7-7bc9-5824-8138-d37d374ef7d9","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"http://additioniqqwu.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://additioniqqwu.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45f5da0b-bb0d-5796-a77e-066631734c13","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"coneogz.cyou","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'coneogz.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--429308ea-3005-5e7c-b872-9d0f45a7d55f","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"http://coneogz.cyou","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://coneogz.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e26320a0-5153-5b97-8dd1-c895e190ecb8","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"grannndjtaom.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'grannndjtaom.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5636e988-97fc-5045-b5e2-9dbc755efb71","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"http://grannndjtaom.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://grannndjtaom.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f26067ba-1b78-57c8-999b-4cef4accf2d2","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"jhardwaredwi.buzz","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jhardwaredwi.buzz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c88cc3f6-86c5-57a3-a6b0-6ab69b8120ec","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"http://jhardwaredwi.buzz","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jhardwaredwi.buzz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c829cfd0-f354-5520-b6f7-21b0b0cb23f1","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"leypuuq.cyou","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'leypuuq.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecfa8723-04dc-5b30-8c1c-26fab7dc7d1b","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"http://leypuuq.cyou","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://leypuuq.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e699ab2d-58c4-5ef0-8053-50349e816d45","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"overwrougemny.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'overwrougemny.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7473166-6e5c-5c60-b099-a5f2f91a4ab4","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"http://overwrougemny.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://overwrougemny.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--260bb23f-df3e-568f-beb3-117d52ad00d1","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"sep0.filetip.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sep0.filetip.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--303e83df-8ec2-5600-a27f-05e3fd4d6722","created":"2026-04-23T05:36:48.000Z","modified":"2026-04-23T05:36:48.000Z","valid_from":"2026-04-23T05:36:48.000Z","name":"http://sep0.filetip.shop","description":"IOC reported by @ishivtripathi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sep0.filetip.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ishivtripathi/status/2047187915395281292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f55f0998-1126-5995-86b0-d4d39189d54c","created":"2026-04-23T06:03:46.000Z","modified":"2026-04-23T06:03:46.000Z","valid_from":"2026-04-23T06:03:46.000Z","name":"leypuuq.cy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'leypuuq.cy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047194700109517205"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--12eb4e3b-8f36-5f20-8958-11ffebeb235b","created":"2026-04-23T06:03:46.000Z","modified":"2026-04-23T06:03:46.000Z","valid_from":"2026-04-23T06:03:46.000Z","name":"http://leypuuq.cy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://leypuuq.cy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047194700109517205"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f21fa09-700d-5bed-b693-3d807bd79b05","created":"2026-04-23T06:26:03.000Z","modified":"2026-04-23T06:26:03.000Z","valid_from":"2026-04-23T06:26:03.000Z","name":"yrcwaptq.x13hm8.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yrcwaptq.x13hm8.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2047200310414942400"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--db974fea-190b-5c15-b4e7-36276eabaef0","created":"2026-04-23T06:26:03.000Z","modified":"2026-04-23T06:26:03.000Z","valid_from":"2026-04-23T06:26:03.000Z","name":"https://yrcwaptq.x13hm8.cn/gpajp/accunt/lginox/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://yrcwaptq.x13hm8.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2047200310414942400"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1b6f075-1e86-54c2-a0c0-dc776910bea8","created":"2026-04-23T06:36:07.000Z","modified":"2026-04-23T06:36:07.000Z","valid_from":"2026-04-23T06:36:07.000Z","name":"meekys.mtffx.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meekys.mtffx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2047202842575052876"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8dcff19-9c8a-5d1f-8a33-2620747f3b3a","created":"2026-04-23T06:36:07.000Z","modified":"2026-04-23T06:36:07.000Z","valid_from":"2026-04-23T06:36:07.000Z","name":"https://meekys.mtffx.cn/gpajp/accunt/lginox/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://meekys.mtffx.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2047202842575052876"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--93105af1-9bae-50ee-add1-7b7d721b48b4","created":"2026-04-23T07:12:21.000Z","modified":"2026-04-23T07:12:21.000Z","valid_from":"2026-04-23T07:12:21.000Z","name":"FranceVerif.fr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'FranceVerif.fr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047211959875936301"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--72f3149e-9eb2-582b-acba-78b3e97a68c5","created":"2026-04-23T07:12:21.000Z","modified":"2026-04-23T07:12:21.000Z","valid_from":"2026-04-23T07:12:21.000Z","name":"http://FranceVerif.fr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://FranceVerif.fr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047211959875936301"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3a567b5-eae4-5093-beb0-19bc32fa7d1d","created":"2026-04-23T07:16:00.000Z","modified":"2026-04-23T07:16:00.000Z","valid_from":"2026-04-23T07:16:00.000Z","name":"vk6t8m2.travelmarkbd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vk6t8m2.travelmarkbd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047212879460417908"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc3383e8-4064-526f-ba8f-0582d4a36900","created":"2026-04-23T07:16:00.000Z","modified":"2026-04-23T07:16:00.000Z","valid_from":"2026-04-23T07:16:00.000Z","name":"http://vk6t8m2.travelmarkbd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vk6t8m2.travelmarkbd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047212879460417908"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f54a2ff6-8b80-5e07-82d9-fe800f122577","created":"2026-04-23T07:22:15.000Z","modified":"2026-04-23T07:22:15.000Z","valid_from":"2026-04-23T07:22:15.000Z","name":"rbxmnbuzo.ksfmdqq.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rbxmnbuzo.ksfmdqq.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2047214450617524456"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--527da13f-4455-584f-bbf2-456894c95f09","created":"2026-04-23T07:22:15.000Z","modified":"2026-04-23T07:22:15.000Z","valid_from":"2026-04-23T07:22:15.000Z","name":"https://rbxmnbuzo.ksfmdqq.cn/nomelo/login_index/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rbxmnbuzo.ksfmdqq.cn/nomelo/login_index/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2047214450617524456"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a778ed-12bc-5745-aed6-1d018da22ec4","created":"2026-04-23T07:22:15.000Z","modified":"2026-04-23T07:22:15.000Z","valid_from":"2026-04-23T07:22:15.000Z","name":"43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2047214450617524456"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1fd9ec0-cdb0-53d2-b426-8bf3bc603d42","created":"2026-04-23T08:16:51.000Z","modified":"2026-04-23T08:16:51.000Z","valid_from":"2026-04-23T08:16:51.000Z","name":"7500a83a4356b3dfa3e0cdfc62d0582b","description":"IOC reported by @ShadowChasing1 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '7500a83a4356b3dfa3e0cdfc62d0582b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowChasing1/status/2047228191283294703"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e43742d7-151c-535e-8fa9-cdfca90e9df5","created":"2026-04-23T08:23:42.000Z","modified":"2026-04-23T08:23:42.000Z","valid_from":"2026-04-23T08:23:42.000Z","name":"http://144.126.148.231","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.126.148.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2047229915389370795"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0c171f5-cdf7-556b-affa-648c92d1a7bb","created":"2026-04-23T08:23:42.000Z","modified":"2026-04-23T08:23:42.000Z","valid_from":"2026-04-23T08:23:42.000Z","name":"http://144.126.148.231/share/","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.126.148.231/share/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2047229915389370795"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3aed0518-9fb1-55b8-9a63-d8efd09195b6","created":"2026-04-23T08:23:42.000Z","modified":"2026-04-23T08:23:42.000Z","valid_from":"2026-04-23T08:23:42.000Z","name":"144.126.148.231","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.126.148.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2047229915389370795"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--47acc1e5-702b-5003-b9e1-b356974c23f5","created":"2026-04-23T08:49:09.000Z","modified":"2026-04-23T08:49:09.000Z","valid_from":"2026-04-23T08:49:09.000Z","name":"paksecurity.org","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paksecurity.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2047236320410374389"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c392f14-4dc2-5088-94c2-7ad5f7c4ed36","created":"2026-04-23T08:49:09.000Z","modified":"2026-04-23T08:49:09.000Z","valid_from":"2026-04-23T08:49:09.000Z","name":"http://paksecurity.org","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://paksecurity.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2047236320410374389"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--72137c3e-31e8-5db4-bb37-025ac25544d7","created":"2026-04-23T09:02:46.000Z","modified":"2026-04-23T09:02:46.000Z","valid_from":"2026-04-23T09:02:46.000Z","name":"visaimage-storage.icu","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'visaimage-storage.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047239747685249414"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d544e294-870f-5aad-b570-1db28758c935","created":"2026-04-23T09:02:46.000Z","modified":"2026-04-23T09:02:46.000Z","valid_from":"2026-04-23T09:02:46.000Z","name":"http://visaimage-storage.icu","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://visaimage-storage.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047239747685249414"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1996b1c0-87fa-56d5-ba41-b069d9fcf7ad","created":"2026-04-23T09:07:42.000Z","modified":"2026-04-23T09:07:42.000Z","valid_from":"2026-04-23T09:07:42.000Z","name":"http://193.169.194.39","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.169.194.39']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047240990591680806"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--21c51a80-f0f3-54c8-a09b-9ea49b0a39d6","created":"2026-04-23T09:07:42.000Z","modified":"2026-04-23T09:07:42.000Z","valid_from":"2026-04-23T09:07:42.000Z","name":"193.169.194.39","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.169.194.39']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047240990591680806"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5496edb6-bc19-50bc-9ff0-d3fbbbba9d1d","created":"2026-04-23T09:17:31.000Z","modified":"2026-04-23T09:17:31.000Z","valid_from":"2026-04-23T09:17:31.000Z","name":"http://188.137.255.66/l/2e0b44/raw.js","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://188.137.255.66/l/2e0b44/raw.js']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047243460424442266"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--611ceccd-e64c-5b45-b630-241a9c4067b1","created":"2026-04-23T09:17:31.000Z","modified":"2026-04-23T09:17:31.000Z","valid_from":"2026-04-23T09:17:31.000Z","name":"188.137.255.66","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '188.137.255.66']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047243460424442266"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f40161c8-3b45-5dc2-90ea-5ba4fda2aa7f","created":"2026-04-23T09:56:25.000Z","modified":"2026-04-23T09:56:25.000Z","valid_from":"2026-04-23T09:56:25.000Z","name":"http://38.60.235.109","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.60.235.109']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047253251230232603"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--caa5476e-a81a-547a-9c93-0df0c9b9b1e3","created":"2026-04-23T09:56:25.000Z","modified":"2026-04-23T09:56:25.000Z","valid_from":"2026-04-23T09:56:25.000Z","name":"38.60.235.109","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.60.235.109']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047253251230232603"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--09e7189a-9032-5553-beb9-ebdebdab85e8","created":"2026-04-23T10:12:22.000Z","modified":"2026-04-23T10:12:22.000Z","valid_from":"2026-04-23T10:12:22.000Z","name":"310650c781a129b1cb65f78040235936","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '310650c781a129b1cb65f78040235936']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2047257261593317509"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0cedf83-ecf5-5554-8906-2e30105338e7","created":"2026-04-23T10:34:36.000Z","modified":"2026-04-23T10:34:36.000Z","valid_from":"2026-04-23T10:34:36.000Z","name":"https://t.co/NBfpS0qBVw","description":"IOC reported by @FalconFeedsio on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.co/NBfpS0qBVw']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FalconFeedsio/status/2047262860347408479"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c517af1-e804-5b05-99ab-04a1c8794cd9","created":"2026-04-23T11:54:01.000Z","modified":"2026-04-23T11:54:01.000Z","valid_from":"2026-04-23T11:54:01.000Z","name":"http://154.81.37.170","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://154.81.37.170']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047282842942521762"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3441330-59da-59bf-a8ab-f253eaaaf9e8","created":"2026-04-23T11:54:01.000Z","modified":"2026-04-23T11:54:01.000Z","valid_from":"2026-04-23T11:54:01.000Z","name":"154.81.37.170","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '154.81.37.170']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047282842942521762"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d107fe5c-f708-523d-9b8f-675498ff4441","created":"2026-04-23T11:58:55.000Z","modified":"2026-04-23T11:58:55.000Z","valid_from":"2026-04-23T11:58:55.000Z","name":"myrawupdate.duckdns.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'myrawupdate.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047284078748074151"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--885c5a8b-6639-5005-a30c-7a88b9fbbfce","created":"2026-04-23T11:58:55.000Z","modified":"2026-04-23T11:58:55.000Z","valid_from":"2026-04-23T11:58:55.000Z","name":"http://myrawupdate.duckdns.org:2404","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://myrawupdate.duckdns.org:2404']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047284078748074151"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--666afa64-978a-5ba4-a6f6-68bb635f2efb","created":"2026-04-23T11:59:20.000Z","modified":"2026-04-23T11:59:20.000Z","valid_from":"2026-04-23T11:59:20.000Z","name":"http://14.1.107.44:53652/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://14.1.107.44:53652/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2047284182791885108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c3ad8df-f796-5e24-9860-d7c5cd731c35","created":"2026-04-23T11:59:20.000Z","modified":"2026-04-23T11:59:20.000Z","valid_from":"2026-04-23T11:59:20.000Z","name":"14.1.107.44","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '14.1.107.44']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2047284182791885108"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a444af30-22c3-5cda-af9c-3506fbd861ed","created":"2026-04-23T12:33:29.000Z","modified":"2026-04-23T12:33:29.000Z","valid_from":"2026-04-23T12:33:29.000Z","name":"http://188.137.255.66/l/2e0b44/ra","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://188.137.255.66/l/2e0b44/ra']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047292778338558093"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--42177297-352a-5928-b8fe-f18c20dfe536","created":"2026-04-23T13:59:46.000Z","modified":"2026-04-23T13:59:46.000Z","valid_from":"2026-04-23T13:59:46.000Z","name":"http://storage.googleapis.com/hmdbox/hmd-v1-cl2(.)html","description":"IOC reported by @klawlikula on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://storage.googleapis.com/hmdbox/hmd-v1-cl2(.)html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/klawlikula/status/2047314488613896214"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--248bc315-bdb0-5037-b87d-4e5876b1423a","created":"2026-04-23T14:05:54.000Z","modified":"2026-04-23T14:05:54.000Z","valid_from":"2026-04-23T14:05:54.000Z","name":"quote-texas-son-manufactured.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'quote-texas-son-manufactured.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047316034114183459"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2871a8c-81e7-5a07-a9c9-384ffaf0d090","created":"2026-04-23T14:05:54.000Z","modified":"2026-04-23T14:05:54.000Z","valid_from":"2026-04-23T14:05:54.000Z","name":"http://quote-texas-son-manufactured.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://quote-texas-son-manufactured.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047316034114183459"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cb350ae-47aa-5ec9-b677-923a0d340cd9","created":"2026-04-23T15:59:56.000Z","modified":"2026-04-23T15:59:56.000Z","valid_from":"2026-04-23T15:59:56.000Z","name":"www-rarlab.com","description":"IOC reported by @luke92881 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www-rarlab.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/luke92881/status/2047344730992742758"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--64721c43-1798-5dfc-bb4f-ccc55371f745","created":"2026-04-23T15:59:56.000Z","modified":"2026-04-23T15:59:56.000Z","valid_from":"2026-04-23T15:59:56.000Z","name":"https://www-rarlab.com","description":"IOC reported by @luke92881 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www-rarlab.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/luke92881/status/2047344730992742758"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c08892d8-c5b7-5e2d-be8a-bcb02d622f53","created":"2026-04-23T16:51:27.000Z","modified":"2026-04-23T16:51:27.000Z","valid_from":"2026-04-23T16:51:27.000Z","name":"authorities-vessel-denver-indie.trycloudflare.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'authorities-vessel-denver-indie.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047357694210617570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--acec9502-fcf1-5570-ac6b-c764bf3472dc","created":"2026-04-23T16:51:27.000Z","modified":"2026-04-23T16:51:27.000Z","valid_from":"2026-04-23T16:51:27.000Z","name":"http://authorities-vessel-denver-indie.trycloudflare.com/ssadoc/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://authorities-vessel-denver-indie.trycloudflare.com/ssadoc/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047357694210617570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--29a30952-cd75-5f55-a2b6-52f34377608e","created":"2026-04-23T18:00:04.000Z","modified":"2026-04-23T18:00:04.000Z","valid_from":"2026-04-23T18:00:04.000Z","name":"nid.navmercorp.n-e.kr","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.navmercorp.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047374964760949174"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c6e6c00-94fd-5ab2-b539-94a6a9655e18","created":"2026-04-23T18:00:04.000Z","modified":"2026-04-23T18:00:04.000Z","valid_from":"2026-04-23T18:00:04.000Z","name":"http://nid.navmercorp.n-e.kr","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.navmercorp.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047374964760949174"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30d13d9a-20df-5f66-b86d-f2e8f16c0463","created":"2026-04-23T18:00:04.000Z","modified":"2026-04-23T18:00:04.000Z","valid_from":"2026-04-23T18:00:04.000Z","name":"http://163.245.215.46","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://163.245.215.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047374964760949174"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31757c9b-791e-52a5-8424-d411f57cbb59","created":"2026-04-23T18:00:04.000Z","modified":"2026-04-23T18:00:04.000Z","valid_from":"2026-04-23T18:00:04.000Z","name":"163.245.215.46","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.245.215.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2047374964760949174"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7e2b67c-72a6-510c-a02a-5a3e89fbbe79","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"oercm-3load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'oercm-3load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10be7fae-5256-52bd-81e9-60561d51c0bd","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://oercm-3load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://oercm-3load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--906d1322-99bd-5f53-a2cd-dfc1acd5309d","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nhpolercm25v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm25v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f667004-c780-547d-b582-ff71745dd89b","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nhpolercm25v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm25v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6721cdca-689d-570d-8e3c-ba4711644403","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nhpolercm58v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm58v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a933613-cecc-5131-b634-454f94ee3079","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nhpolercm58v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm58v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9e730b1-aae9-59f1-81a6-989a29223e02","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nhpolercm96v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm96v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91281129-3e0c-571a-8232-df2294cdc42f","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nhpolercm96v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm96v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50eb004c-a4b9-5ca9-b7db-229e828c34c7","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nopdoc69load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nopdoc69load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9eba3e65-3563-5ed6-905e-6b6588b574d9","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nopdoc69load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nopdoc69load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35b2948f-705e-5de7-8674-6d2abbbadc06","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nhpolercm14v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm14v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f17529a9-fb5a-5859-9d8c-f0f54e23a214","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nhpolercm14v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm14v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7daf14c4-7f89-589f-867d-89945b55a4c8","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nhpolercm19v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm19v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07035643-b31b-5fff-a69a-22a95334bc0b","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nhpolercm19v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm19v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc053b43-6960-5418-b7e0-af84f7123c6c","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nhpolercm4v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm4v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9407ab07-b521-5674-8318-9462a9284da6","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nhpolercm4v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm4v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--531314ba-117d-5410-a6bd-17f14c4f8e7b","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"nhpolercm83v.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm83v.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d42cbcb8-e4ae-5f23-8b2d-e79b0313f1c9","created":"2026-04-23T18:28:45.000Z","modified":"2026-04-23T18:28:45.000Z","valid_from":"2026-04-23T18:28:45.000Z","name":"http://nhpolercm83v.dynv6.ne","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm83v.dynv6.ne']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047382182000312798"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1503d978-c6d3-5336-9559-0e445bd289f1","created":"2026-04-23T19:15:30.000Z","modified":"2026-04-23T19:15:30.000Z","valid_from":"2026-04-23T19:15:30.000Z","name":"http://storage.googleapis.com/hmdbox/hm","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://storage.googleapis.com/hmdbox/hm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047393945705992622"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--23938b26-3565-5180-8ce0-2cefc42f2878","created":"2026-04-23T19:24:02.000Z","modified":"2026-04-23T19:24:02.000Z","valid_from":"2026-04-23T19:24:02.000Z","name":"michel.suiv-expd001.pro","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michel.suiv-expd001.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047396096020824220"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15a5172f-c8b3-53b0-accf-0d743ecbd3ff","created":"2026-04-23T19:24:02.000Z","modified":"2026-04-23T19:24:02.000Z","valid_from":"2026-04-23T19:24:02.000Z","name":"https://michel.suiv-expd001.pro","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://michel.suiv-expd001.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047396096020824220"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ddb6954-ea5d-5cee-bda1-b872f249df49","created":"2026-04-23T19:33:45.000Z","modified":"2026-04-23T19:33:45.000Z","valid_from":"2026-04-23T19:33:45.000Z","name":"b6cab0b3aa8e56e2427f486c74588d598ae58bb0cbc0eda6939fe171cb0aed17","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'b6cab0b3aa8e56e2427f486c74588d598ae58bb0cbc0eda6939fe171cb0aed17']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047398542298259867"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cccf1257-5bcf-5dad-b39f-2dbeddd90572","created":"2026-04-24T00:17:58.000Z","modified":"2026-04-24T00:17:58.000Z","valid_from":"2026-04-24T00:17:58.000Z","name":"ar4615.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ar4615.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047470067794022821"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f3c7b84-cc67-5817-97e6-0e113a6b838a","created":"2026-04-24T00:17:58.000Z","modified":"2026-04-24T00:17:58.000Z","valid_from":"2026-04-24T00:17:58.000Z","name":"https://ar4615.cn/w2/f2/weq=guoshuis/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ar4615.cn/w2/f2/weq=guoshuis/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047470067794022821"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53c265ef-7ddd-53be-8e01-c9be3e112afa","created":"2026-04-24T00:55:14.000Z","modified":"2026-04-24T00:55:14.000Z","valid_from":"2026-04-24T00:55:14.000Z","name":"ijexszhscln27nl263lmcd7tx3jttkhm4wjhd4e3y6r4csdbfyeprvid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ijexszhscln27nl263lmcd7tx3jttkhm4wjhd4e3y6r4csdbfyeprvid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2047479442973552693"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee2e26d2-4f39-5d21-ad4c-89b974fa56fa","created":"2026-04-24T00:55:14.000Z","modified":"2026-04-24T00:55:14.000Z","valid_from":"2026-04-24T00:55:14.000Z","name":"http://ijexszhscln27nl263lmcd7tx3jttkhm4wjhd4e3y6r4csdbfyeprvid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ijexszhscln27nl263lmcd7tx3jttkhm4wjhd4e3y6r4csdbfyeprvid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2047479442973552693"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c47499e1-1ae5-5f9a-a8f2-084c8a9d8eac","created":"2026-04-24T02:55:31.000Z","modified":"2026-04-24T02:55:31.000Z","valid_from":"2026-04-24T02:55:31.000Z","name":"www-pay.sprots8-milem6.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www-pay.sprots8-milem6.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047509714301522364"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99908847-5630-5b2d-9404-9979f8be0e12","created":"2026-04-24T02:55:31.000Z","modified":"2026-04-24T02:55:31.000Z","valid_from":"2026-04-24T02:55:31.000Z","name":"https://www-pay.sprots8-milem6.com/utxfaZfslmoJ","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www-pay.sprots8-milem6.com/utxfaZfslmoJ']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047509714301522364"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84efe7cd-0014-51a1-bb8e-89346a4df749","created":"2026-04-24T02:55:31.000Z","modified":"2026-04-24T02:55:31.000Z","valid_from":"2026-04-24T02:55:31.000Z","name":"www2-pay.news-178zhibo.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www2-pay.news-178zhibo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047509714301522364"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e341094d-45f5-5db4-a656-a50532fd193b","created":"2026-04-24T02:55:31.000Z","modified":"2026-04-24T02:55:31.000Z","valid_from":"2026-04-24T02:55:31.000Z","name":"https://www2-pay.news-178zhibo.com/OuLn3jr77vMr","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www2-pay.news-178zhibo.com/OuLn3jr77vMr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047509714301522364"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a9d77a0-65e6-5675-a848-04ccb4752912","created":"2026-04-24T02:55:31.000Z","modified":"2026-04-24T02:55:31.000Z","valid_from":"2026-04-24T02:55:31.000Z","name":"www-pay.uy5722.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www-pay.uy5722.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047509714301522364"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--192143c7-953c-5260-9893-aea7ea136c96","created":"2026-04-24T02:55:31.000Z","modified":"2026-04-24T02:55:31.000Z","valid_from":"2026-04-24T02:55:31.000Z","name":"https://www-pay.uy5722.com/KfsDuyo3ev86","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www-pay.uy5722.com/KfsDuyo3ev86']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047509714301522364"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d867ee36-1aeb-5e24-8d08-bb2cae923ec7","created":"2026-04-24T04:45:44.000Z","modified":"2026-04-24T04:45:44.000Z","valid_from":"2026-04-24T04:45:44.000Z","name":"sensitive-olive-alligator.31-22-7-7.cpanel.site","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sensitive-olive-alligator.31-22-7-7.cpanel.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2047537450449273239"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce2ff95d-9d9f-5f7f-937f-8cbc78a3e6f6","created":"2026-04-24T04:45:44.000Z","modified":"2026-04-24T04:45:44.000Z","valid_from":"2026-04-24T04:45:44.000Z","name":"https://sensitive-olive-alligator.31-22-7-7.cpanel.site/wind/","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sensitive-olive-alligator.31-22-7-7.cpanel.site/wind/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2047537450449273239"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf2c301a-127c-583c-8519-6cd1a9debc12","created":"2026-04-24T06:59:12.000Z","modified":"2026-04-24T06:59:12.000Z","valid_from":"2026-04-24T06:59:12.000Z","name":"esevasecurefile.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'esevasecurefile.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047571039501115410"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a71389e-371b-59ed-ab5e-6c4dd79488d5","created":"2026-04-24T06:59:12.000Z","modified":"2026-04-24T06:59:12.000Z","valid_from":"2026-04-24T06:59:12.000Z","name":"http://esevasecurefile.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://esevasecurefile.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047571039501115410"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--225dfe29-58bc-599f-8adf-1473776be992","created":"2026-04-24T06:59:12.000Z","modified":"2026-04-24T06:59:12.000Z","valid_from":"2026-04-24T06:59:12.000Z","name":"8cd05fd628ed7927871e9dd53d4e613b","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8cd05fd628ed7927871e9dd53d4e613b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047571039501115410"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b026df98-10e5-5438-b507-5b3568163342","created":"2026-04-24T08:00:21.000Z","modified":"2026-04-24T08:00:21.000Z","valid_from":"2026-04-24T08:00:21.000Z","name":"776302eeef68e4d5132424de18976845","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '776302eeef68e4d5132424de18976845']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047586429220294843"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28c214af-1de7-5568-8136-6bc27ffb4b47","created":"2026-04-24T08:00:21.000Z","modified":"2026-04-24T08:00:21.000Z","valid_from":"2026-04-24T08:00:21.000Z","name":"4b381a89dc0f3fd44286410d7c826073","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '4b381a89dc0f3fd44286410d7c826073']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047586429220294843"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b34af70b-b361-5974-a4cc-cfa4cc58a33f","created":"2026-04-24T08:05:46.000Z","modified":"2026-04-24T08:05:46.000Z","valid_from":"2026-04-24T08:05:46.000Z","name":"www2-pay.news-178zhibo.co","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www2-pay.news-178zhibo.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047587790771179905"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cbd4c68c-2302-5958-9e98-cf9f115a76c0","created":"2026-04-24T08:05:46.000Z","modified":"2026-04-24T08:05:46.000Z","valid_from":"2026-04-24T08:05:46.000Z","name":"https://www2-pay.news-178zhibo.co","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www2-pay.news-178zhibo.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047587790771179905"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cd49c52-4741-5b1c-861a-63cc683d3877","created":"2026-04-24T08:31:06.000Z","modified":"2026-04-24T08:31:06.000Z","valid_from":"2026-04-24T08:31:06.000Z","name":"d4c184f4389d710c8aefe296486d4d3e430da609d86fa6289a8cea9fde4a1166","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd4c184f4389d710c8aefe296486d4d3e430da609d86fa6289a8cea9fde4a1166']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047594168008991143"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ea0ebe2-8f1f-5a96-a6d2-eee75caee9af","created":"2026-04-24T08:57:13.000Z","modified":"2026-04-24T08:57:13.000Z","valid_from":"2026-04-24T08:57:13.000Z","name":"u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2047600738344550679"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37f7220c-8238-59f4-8501-03fd83a2370e","created":"2026-04-24T08:57:13.000Z","modified":"2026-04-24T08:57:13.000Z","valid_from":"2026-04-24T08:57:13.000Z","name":"http://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2047600738344550679"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88873b4d-61d0-5a46-8b99-913e37c63087","created":"2026-04-24T09:29:08.000Z","modified":"2026-04-24T09:29:08.000Z","valid_from":"2026-04-24T09:29:08.000Z","name":"93479fab71b4d60225d502ffc8f18fc00f74bd2e30a7ee70d18c78886d639266","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '93479fab71b4d60225d502ffc8f18fc00f74bd2e30a7ee70d18c78886d639266']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047608771912823083"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--00795c7d-f406-5506-9c03-ef6c3338bee2","created":"2026-04-24T09:59:43.000Z","modified":"2026-04-24T09:59:43.000Z","valid_from":"2026-04-24T09:59:43.000Z","name":"http://85.11.161.198:9191/YRJKHYWK.msi","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://85.11.161.198:9191/YRJKHYWK.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047616468909506667"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0e962da-6f4f-5d19-b1a2-dae0a799d09c","created":"2026-04-24T09:59:43.000Z","modified":"2026-04-24T09:59:43.000Z","valid_from":"2026-04-24T09:59:43.000Z","name":"85.11.161.198","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.11.161.198']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047616468909506667"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebf70f4c-a3a5-5f7a-8292-d329492fd8d9","created":"2026-04-24T10:21:00.000Z","modified":"2026-04-24T10:21:00.000Z","valid_from":"2026-04-24T10:21:00.000Z","name":"77.92.36.10","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.92.36.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2047621822917603616"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d327398-c25e-5156-b82b-6fcaf040daf0","created":"2026-04-24T10:25:13.000Z","modified":"2026-04-24T10:25:13.000Z","valid_from":"2026-04-24T10:25:13.000Z","name":"buzxsmv.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'buzxsmv.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047622884882079831"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82a9b030-20c5-517b-8fe6-65fa4c68844c","created":"2026-04-24T10:25:13.000Z","modified":"2026-04-24T10:25:13.000Z","valid_from":"2026-04-24T10:25:13.000Z","name":"https://buzxsmv.cn/k1/da2/g2/ads=jcbs/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://buzxsmv.cn/k1/da2/g2/ads=jcbs/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2047622884882079831"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--157dafd7-d1a7-5da6-805b-d69b1f30d354","created":"2026-04-24T10:37:16.000Z","modified":"2026-04-24T10:37:16.000Z","valid_from":"2026-04-24T10:37:16.000Z","name":"http://168.100.8.179:8084","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://168.100.8.179:8084']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047625917212577950"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--99d35319-400c-5b36-b2e5-193818276ae9","created":"2026-04-24T10:37:16.000Z","modified":"2026-04-24T10:37:16.000Z","valid_from":"2026-04-24T10:37:16.000Z","name":"168.100.8.179","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '168.100.8.179']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047625917212577950"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd76d502-186a-5517-9ff3-99bdf8eef132","created":"2026-04-24T10:40:44.000Z","modified":"2026-04-24T10:40:44.000Z","valid_from":"2026-04-24T10:40:44.000Z","name":"f0da50334b44ef183ab5fd1692ac3381fc84ebe499ce15d567b53c946548ec65","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f0da50334b44ef183ab5fd1692ac3381fc84ebe499ce15d567b53c946548ec65']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047626791859179979"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ccaee2c-9376-5fac-9c48-61b46a61ba9d","created":"2026-04-24T12:56:47.000Z","modified":"2026-04-24T12:56:47.000Z","valid_from":"2026-04-24T12:56:47.000Z","name":"117.72.113.43","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '117.72.113.43']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047661030231118060"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--520878a1-bd99-531b-b6cd-cff968e2c1ff","created":"2026-04-24T12:56:47.000Z","modified":"2026-04-24T12:56:47.000Z","valid_from":"2026-04-24T12:56:47.000Z","name":"134.122.203.197","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '134.122.203.197']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047661030231118060"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e4c250b-dfe9-5916-a511-3f76e8f9bf99","created":"2026-04-24T12:56:47.000Z","modified":"2026-04-24T12:56:47.000Z","valid_from":"2026-04-24T12:56:47.000Z","name":"150.109.57.12","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '150.109.57.12']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047661030231118060"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1b00009-6c93-5b1c-8f9f-39c68741371a","created":"2026-04-24T12:56:47.000Z","modified":"2026-04-24T12:56:47.000Z","valid_from":"2026-04-24T12:56:47.000Z","name":"154.36.152.177","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '154.36.152.177']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047661030231118060"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f9b64c1-b76f-57f7-a6ce-86635e0caf33","created":"2026-04-24T12:56:47.000Z","modified":"2026-04-24T12:56:47.000Z","valid_from":"2026-04-24T12:56:47.000Z","name":"154.44.30.120","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '154.44.30.120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047661030231118060"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0a6c21f-84d8-54f1-aa54-64a3808478c4","created":"2026-04-24T13:08:58.000Z","modified":"2026-04-24T13:08:58.000Z","valid_from":"2026-04-24T13:08:58.000Z","name":"halfmillion-iq.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'halfmillion-iq.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2047664093541048542"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1a4b859-546f-52e6-abb8-595fbbbe5e07","created":"2026-04-24T13:08:58.000Z","modified":"2026-04-24T13:08:58.000Z","valid_from":"2026-04-24T13:08:58.000Z","name":"https://halfmillion-iq.com/halfmillion-iq.zip","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://halfmillion-iq.com/halfmillion-iq.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2047664093541048542"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e245f7b-acb7-5857-86d1-abc7003f9f6b","created":"2026-04-24T13:11:21.000Z","modified":"2026-04-24T13:11:21.000Z","valid_from":"2026-04-24T13:11:21.000Z","name":"23.95.117.252","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '23.95.117.252']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047664694031196478"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84c7a9da-c2e1-5fef-a17b-029be3d502fa","created":"2026-04-24T13:11:21.000Z","modified":"2026-04-24T13:11:21.000Z","valid_from":"2026-04-24T13:11:21.000Z","name":"78.111.67.231","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '78.111.67.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047664694031196478"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b39c3571-1e19-5a95-8dc4-2c7102bc25e6","created":"2026-04-24T13:11:21.000Z","modified":"2026-04-24T13:11:21.000Z","valid_from":"2026-04-24T13:11:21.000Z","name":"107.175.148.103","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '107.175.148.103']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047664694031196478"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25f5548d-f2a4-5203-b02a-4e12cb6e1dff","created":"2026-04-24T13:11:21.000Z","modified":"2026-04-24T13:11:21.000Z","valid_from":"2026-04-24T13:11:21.000Z","name":"172.245.95.36","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '172.245.95.36']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047664694031196478"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52c319df-496d-5e4f-aaaa-068ef31f4b6d","created":"2026-04-24T13:11:21.000Z","modified":"2026-04-24T13:11:21.000Z","valid_from":"2026-04-24T13:11:21.000Z","name":"204.10.160.226","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '204.10.160.226']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047664694031196478"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--696ec17b-32c7-568e-ba4d-354bb1e21ea0","created":"2026-04-24T13:48:31.000Z","modified":"2026-04-24T13:48:31.000Z","valid_from":"2026-04-24T13:48:31.000Z","name":"audit.checkmarx.cx","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'audit.checkmarx.cx']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047674047115252152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--78eb2be3-aa38-5085-b06c-a0184f842084","created":"2026-04-24T13:48:31.000Z","modified":"2026-04-24T13:48:31.000Z","valid_from":"2026-04-24T13:48:31.000Z","name":"http://audit.checkmarx.cx","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://audit.checkmarx.cx']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047674047115252152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6bc3365e-85b3-5d8a-9abe-21af02e90547","created":"2026-04-24T13:48:31.000Z","modified":"2026-04-24T13:48:31.000Z","valid_from":"2026-04-24T13:48:31.000Z","name":"http://94.154.172.43","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.154.172.43']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047674047115252152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--649284ec-7064-5103-881b-6e5970f34671","created":"2026-04-24T13:48:31.000Z","modified":"2026-04-24T13:48:31.000Z","valid_from":"2026-04-24T13:48:31.000Z","name":"94.154.172.43","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.154.172.43']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047674047115252152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c7922e9-14a2-5c4c-baa5-712d918165d1","created":"2026-04-24T15:48:41.000Z","modified":"2026-04-24T15:48:41.000Z","valid_from":"2026-04-24T15:48:41.000Z","name":"passkeyactivate.com","description":"IOC reported by @0xPEMB on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'passkeyactivate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0xPEMB/status/2047704287912898963"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f7b15b9-8266-5eeb-977f-9f8370f7ce32","created":"2026-04-24T15:48:41.000Z","modified":"2026-04-24T15:48:41.000Z","valid_from":"2026-04-24T15:48:41.000Z","name":"http://passkeyactivate.com","description":"IOC reported by @0xPEMB on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://passkeyactivate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0xPEMB/status/2047704287912898963"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9360d63-d524-5d4c-9a88-43601bf945ca","created":"2026-04-24T16:28:04.000Z","modified":"2026-04-24T16:28:04.000Z","valid_from":"2026-04-24T16:28:04.000Z","name":"incometax.onlinegov.in.net","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'incometax.onlinegov.in.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047714198055186643"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5641516-d6f8-5fbe-8723-90b7b5d1d4d7","created":"2026-04-24T16:28:04.000Z","modified":"2026-04-24T16:28:04.000Z","valid_from":"2026-04-24T16:28:04.000Z","name":"http://incometax.onlinegov.in.net","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://incometax.onlinegov.in.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047714198055186643"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef22c055-258a-5753-85c8-5f70061ab1b3","created":"2026-04-24T16:28:04.000Z","modified":"2026-04-24T16:28:04.000Z","valid_from":"2026-04-24T16:28:04.000Z","name":"http://115.124.108.190","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://115.124.108.190']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047714198055186643"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27d35f6e-4a82-58dc-a325-14eff60359a1","created":"2026-04-24T16:28:04.000Z","modified":"2026-04-24T16:28:04.000Z","valid_from":"2026-04-24T16:28:04.000Z","name":"115.124.108.190","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '115.124.108.190']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047714198055186643"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e3db19a-54ca-5601-a4bf-d40230d0768d","created":"2026-04-24T17:05:20.000Z","modified":"2026-04-24T17:05:20.000Z","valid_from":"2026-04-24T17:05:20.000Z","name":"http://t.co/dAAOGfA5xE","description":"IOC reported by @ImCharlesN on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t.co/dAAOGfA5xE']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ImCharlesN/status/2047723577491824724"}],"labels":["Raccoon"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f166f98a-e69f-5d9a-ac0a-e1c46c7e772a","created":"2026-04-24T20:11:24.000Z","modified":"2026-04-24T20:11:24.000Z","valid_from":"2026-04-24T20:11:24.000Z","name":"discretion-barrel-formed-vault.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'discretion-barrel-formed-vault.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047770402743632327"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--843f6f42-9b7f-59ab-bc79-1f98e4de86bf","created":"2026-04-24T20:11:24.000Z","modified":"2026-04-24T20:11:24.000Z","valid_from":"2026-04-24T20:11:24.000Z","name":"https://discretion-barrel-formed-vault.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://discretion-barrel-formed-vault.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2047770402743632327"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a518d9f-7bae-5935-b27a-00be57e35b05","created":"2026-04-25T00:02:08.000Z","modified":"2026-04-25T00:02:08.000Z","valid_from":"2026-04-25T00:02:08.000Z","name":"imaxstores.cfd","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imaxstores.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047828468948238771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d2aa2c3-61ef-52e2-8185-0b0b9dfe347b","created":"2026-04-25T00:02:08.000Z","modified":"2026-04-25T00:02:08.000Z","valid_from":"2026-04-25T00:02:08.000Z","name":"https://www.imaxstores.cfd/?cid=79&url=","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.imaxstores.cfd/?cid=79&url=']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047828468948238771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96d6df26-e8b0-59a4-85b3-cdc30baae97c","created":"2026-04-25T00:10:00.000Z","modified":"2026-04-25T00:10:00.000Z","valid_from":"2026-04-25T00:10:00.000Z","name":"http://104.164.55.107","description":"IOC reported by @nahamike01 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.164.55.107']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nahamike01/status/2047830645406343424"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7fdd8523-76ba-5d0c-b360-fdc305c75c5c","created":"2026-04-25T00:10:00.000Z","modified":"2026-04-25T00:10:00.000Z","valid_from":"2026-04-25T00:10:00.000Z","name":"104.164.55.107","description":"IOC reported by @nahamike01 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.164.55.107']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nahamike01/status/2047830645406343424"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e721a7a5-7f59-5134-9109-02def1fbe0a2","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"oscatower.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'oscatower.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3438c10-3e6d-59a7-bbbc-dfffb58878ea","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://oscatower.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://oscatower.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28559775-c74a-5ef7-bdfe-022fb1c544f9","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"nooraeso.r-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nooraeso.r-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3bb0843-2eb8-5a97-b271-374e012f2281","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://nooraeso.r-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nooraeso.r-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97caacba-9b6a-59b5-ad74-eb276cbd7490","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"bermates.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bermates.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0da8027-c9c5-505b-bc91-2944855f2964","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://bermates.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bermates.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad7544de-76c7-5efa-b9a8-e2a4787ac986","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"jungop.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jungop.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9854884-c8ec-5b90-b98b-916161473304","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://jungop.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jungop.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--047a27b1-1876-5f0f-a12f-f4d6838faa8f","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"brimo.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'brimo.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44796d40-1392-5a1c-8a11-e20a46931744","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://brimo.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://brimo.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ae64330-c71d-5e20-a1bb-d24f0a04f43e","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"queosera2.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'queosera2.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1aeb8b26-c3dc-57c6-b308-fee9611346bc","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://queosera2.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://queosera2.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7db9253e-8551-59d7-925e-fcd2a8668bec","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"morotomot.r-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'morotomot.r-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e6f77af-9949-5fa2-9656-2784900b1014","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://morotomot.r-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://morotomot.r-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4eec934-9d5d-5457-8405-9eb1c6837c0e","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"hayoungju.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hayoungju.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd19f59d-4a75-53cb-ac84-252cc5fbd809","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://hayoungju.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hayoungju.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d38129e-87c0-5e56-a6fb-1911308f5e9e","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"jujeong.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jujeong.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f1226f5-a618-553d-92f3-04d43ff1548d","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://jujeong.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jujeong.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1855670-ffa2-5052-b0cb-be448a9773c6","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"docotot.o-r.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docotot.o-r.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c79ff0f1-68fc-5333-ab85-8e78bfdccba3","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://docotot.o-r.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docotot.o-r.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--928658ac-4b8a-5d44-905b-a1161ae68e9d","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"neratras2.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'neratras2.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83ed0902-de29-5b41-9262-86d29c81bd9d","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://neratras2.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://neratras2.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11e30961-704f-5547-8235-cb43c6dd8fcb","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"tradoam.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tradoam.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe9cc9f0-2427-5fb4-bd9d-d5a50da9a1a1","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://tradoam.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tradoam.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8339c557-d5f7-56d8-a189-7021bd843fba","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"artisgo.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'artisgo.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5df576f8-7295-5f95-9991-e5d6fadc4158","created":"2026-04-25T05:17:00.000Z","modified":"2026-04-25T05:17:00.000Z","valid_from":"2026-04-25T05:17:00.000Z","name":"http://artisgo.n-e.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://artisgo.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047907939814388089"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--180c14f6-81e0-5bd6-9a56-9bc26058bb5a","created":"2026-04-25T05:53:00.000Z","modified":"2026-04-25T05:53:00.000Z","valid_from":"2026-04-25T05:53:00.000Z","name":"access-sharepoint-exchange.d2a8tpeb2129r7.amplifyapp.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'access-sharepoint-exchange.d2a8tpeb2129r7.amplifyapp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047916824717860990"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a75fad88-36a7-5dda-ad79-ee5ae695090a","created":"2026-04-25T05:53:00.000Z","modified":"2026-04-25T05:53:00.000Z","valid_from":"2026-04-25T05:53:00.000Z","name":"http://access-sharepoint-exchange.d2a8tpeb2129r7.amplifyapp.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://access-sharepoint-exchange.d2a8tpeb2129r7.amplifyapp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047916824717860990"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9009d468-0b76-56ef-bbaa-8b1fc1139768","created":"2026-04-25T05:53:00.000Z","modified":"2026-04-25T05:53:00.000Z","valid_from":"2026-04-25T05:53:00.000Z","name":"secure-share-r1y7.p-cebompw5.workers.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'secure-share-r1y7.p-cebompw5.workers.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047916824717860990"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67dfc5ff-10c9-5284-851b-21a4a9120069","created":"2026-04-25T05:53:00.000Z","modified":"2026-04-25T05:53:00.000Z","valid_from":"2026-04-25T05:53:00.000Z","name":"http://secure-share-r1y7.p-cebompw5.workers.dev/l/UP4HIVXTl3Q","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://secure-share-r1y7.p-cebompw5.workers.dev/l/UP4HIVXTl3Q']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047916824717860990"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52a22135-38ae-5506-858c-e870033a2dbf","created":"2026-04-25T05:59:41.000Z","modified":"2026-04-25T05:59:41.000Z","valid_from":"2026-04-25T05:59:41.000Z","name":"sharepoint-files-download.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sharepoint-files-download.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047918451440922886"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--206bf53b-62ce-58d5-8499-1a2f5ffe3e26","created":"2026-04-25T05:59:41.000Z","modified":"2026-04-25T05:59:41.000Z","valid_from":"2026-04-25T05:59:41.000Z","name":"http://sharepoint-files-download.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sharepoint-files-download.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047918451440922886"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4ddbec93-e413-5197-a3e8-3eadd56f4040","created":"2026-04-25T05:59:41.000Z","modified":"2026-04-25T05:59:41.000Z","valid_from":"2026-04-25T05:59:41.000Z","name":"rsmixed.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rsmixed.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047918451440922886"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5cbf7c5-fce3-53ca-ba0b-9b3efa54e53a","created":"2026-04-25T05:59:41.000Z","modified":"2026-04-25T05:59:41.000Z","valid_from":"2026-04-25T05:59:41.000Z","name":"http://rsmixed.com/abuloma2share/mailer.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rsmixed.com/abuloma2share/mailer.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047918451440922886"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--504a61be-e0c8-5867-906b-66ba4dc20913","created":"2026-04-25T07:49:00.000Z","modified":"2026-04-25T07:49:00.000Z","valid_from":"2026-04-25T07:49:00.000Z","name":"zondanewsletter.pl","description":"IOC reported by @Sekurak on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zondanewsletter.pl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Sekurak/status/2047946091040002215"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--181f4674-8afc-5d05-be29-c965986a795a","created":"2026-04-25T07:49:00.000Z","modified":"2026-04-25T07:49:00.000Z","valid_from":"2026-04-25T07:49:00.000Z","name":"http://zondanewsletter.pl","description":"IOC reported by @Sekurak on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://zondanewsletter.pl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Sekurak/status/2047946091040002215"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce74abfb-181c-5724-b119-59a8650c19c0","created":"2026-04-25T08:26:32.000Z","modified":"2026-04-25T08:26:32.000Z","valid_from":"2026-04-25T08:26:32.000Z","name":"graph.org","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'graph.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047955407109533742"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eedcfd17-bdb1-5697-87a6-7f1ed1ad0640","created":"2026-04-25T08:26:32.000Z","modified":"2026-04-25T08:26:32.000Z","valid_from":"2026-04-25T08:26:32.000Z","name":"http://graph.org/Withdrawal-process-04-14","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/Withdrawal-process-04-14']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047955407109533742"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6520c8c-bc4c-522e-80d5-d306f79cd552","created":"2026-04-25T08:26:32.000Z","modified":"2026-04-25T08:26:32.000Z","valid_from":"2026-04-25T08:26:32.000Z","name":"97ee4.catex.at","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '97ee4.catex.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047955407109533742"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58ba178a-b15f-52bf-8c48-4d123ca68077","created":"2026-04-25T08:26:32.000Z","modified":"2026-04-25T08:26:32.000Z","valid_from":"2026-04-25T08:26:32.000Z","name":"http://97ee4.catex.at/cnbcard/","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://97ee4.catex.at/cnbcard/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047955407109533742"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2dd04e70-7d1f-59f5-bed1-7d9ce5693a69","created":"2026-04-25T09:30:00.000Z","modified":"2026-04-25T09:30:00.000Z","valid_from":"2026-04-25T09:30:00.000Z","name":"45.227.254.10","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.227.254.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2047971403652043004"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5780bf5-901b-5c22-98fd-95f51bfae263","created":"2026-04-25T09:30:00.000Z","modified":"2026-04-25T09:30:00.000Z","valid_from":"2026-04-25T09:30:00.000Z","name":"c7c4568516bfe053f656549f4d97a1a5","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'c7c4568516bfe053f656549f4d97a1a5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2047971403652043004"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d10743ae-c5ad-57ee-ad30-f61cf8edf83c","created":"2026-04-25T09:43:00.000Z","modified":"2026-04-25T09:43:00.000Z","valid_from":"2026-04-25T09:43:00.000Z","name":"youtude-dl.pro","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'youtude-dl.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047974809154343022"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2962994-8730-5717-922e-a30df7e71612","created":"2026-04-25T09:43:00.000Z","modified":"2026-04-25T09:43:00.000Z","valid_from":"2026-04-25T09:43:00.000Z","name":"http://youtude-dl.pro","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://youtude-dl.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047974809154343022"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd89b015-ac7e-5c26-af30-ccd97d416792","created":"2026-04-25T09:43:00.000Z","modified":"2026-04-25T09:43:00.000Z","valid_from":"2026-04-25T09:43:00.000Z","name":"http://185.107.74.215","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://185.107.74.215']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047974809154343022"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8cd3c073-ccef-5a6f-bac9-1fc286dee4c1","created":"2026-04-25T09:43:00.000Z","modified":"2026-04-25T09:43:00.000Z","valid_from":"2026-04-25T09:43:00.000Z","name":"185.107.74.215","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.107.74.215']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2047974809154343022"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--55a351ae-14ce-588a-b41b-ca8f887467e3","created":"2026-04-25T10:14:00.000Z","modified":"2026-04-25T10:14:00.000Z","valid_from":"2026-04-25T10:14:00.000Z","name":"secureactivitysett726411.li","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'secureactivitysett726411.li']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047982655778525480"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d4673b2-7c88-5be6-852a-e671f801b7db","created":"2026-04-25T10:14:00.000Z","modified":"2026-04-25T10:14:00.000Z","valid_from":"2026-04-25T10:14:00.000Z","name":"https://secureactivitysett726411.li","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://secureactivitysett726411.li']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047982655778525480"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e589d3f3-afba-5128-8f51-10bf961f34d3","created":"2026-04-25T10:14:00.000Z","modified":"2026-04-25T10:14:00.000Z","valid_from":"2026-04-25T10:14:00.000Z","name":"82.221.136.24","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '82.221.136.24']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2047982655778525480"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60777e49-1da2-51a4-9db2-53066d9067ed","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"wordplumbprotectstairs.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wordplumbprotectstairs.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1108504b-fb82-51ea-b088-5efd371f2752","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"http://wordplumbprotectstairs.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wordplumbprotectstairs.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--520cb2bc-458f-5cca-8a8d-76fe12b9252f","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"bowl-fire-ceil-found.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bowl-fire-ceil-found.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5009d0cf-560c-52bb-aa13-6cc3ad9da34a","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"http://bowl-fire-ceil-found.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bowl-fire-ceil-found.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c01cc8d5-b1cd-5dad-ba1e-c3660edf4ee4","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"candle-plumb-found-ceil.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'candle-plumb-found-ceil.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--baac56c2-a332-548f-a12a-57027b7a09a9","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"http://candle-plumb-found-ceil.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://candle-plumb-found-ceil.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee9dada5-b552-5b91-8301-63e5e7c53233","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"floor-interior-fire-found.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'floor-interior-fire-found.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e53a286b-b052-5d30-8ec5-fc9a7b2b1738","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"http://floor-interior-fire-found.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://floor-interior-fire-found.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0be00796-a3c3-5053-b260-6103bc1d61f0","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"plumb-table-floor-protect.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'plumb-table-floor-protect.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--305fe976-e458-5068-84c2-4134f741b0fa","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"http://plumb-table-floor-protect.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://plumb-table-floor-protect.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c53bc2f2-4bb2-5f8d-a271-ad75c0780c52","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"bowl-interior-word-plumb.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bowl-interior-word-plumb.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34389216-39c9-5ae2-9da9-db67ac33dba6","created":"2026-04-25T10:59:45.000Z","modified":"2026-04-25T10:59:45.000Z","valid_from":"2026-04-25T10:59:45.000Z","name":"http://bowl-interior-word-plumb.autos","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bowl-interior-word-plumb.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2047993964595388805"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--126fec0f-2696-55d1-8327-0bf5c56487aa","created":"2026-04-25T11:28:00.000Z","modified":"2026-04-25T11:28:00.000Z","valid_from":"2026-04-25T11:28:00.000Z","name":"http://188.53.207.222","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://188.53.207.222']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048001121621357014"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--752810c8-8295-5413-9063-95df0bf43370","created":"2026-04-25T11:28:00.000Z","modified":"2026-04-25T11:28:00.000Z","valid_from":"2026-04-25T11:28:00.000Z","name":"188.53.207.222","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '188.53.207.222']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048001121621357014"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--26d97ce1-9dba-58a1-a170-6e900f0f0e3b","created":"2026-04-25T13:12:00.000Z","modified":"2026-04-25T13:12:00.000Z","valid_from":"2026-04-25T13:12:00.000Z","name":"nufesafew.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nufesafew.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2048027347069358122"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c6a2d20-f4d8-507c-8936-1478cef16945","created":"2026-04-25T13:12:00.000Z","modified":"2026-04-25T13:12:00.000Z","valid_from":"2026-04-25T13:12:00.000Z","name":"https://nufesafew.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nufesafew.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2048027347069358122"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9a75741-e2a3-5729-8f80-5485d105ca40","created":"2026-04-25T13:54:59.000Z","modified":"2026-04-25T13:54:59.000Z","valid_from":"2026-04-25T13:54:59.000Z","name":"zamknj.xagnnx.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zamknj.xagnnx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048038064321331477"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15b42b24-f15f-56ac-a4b3-fdf01ae08d91","created":"2026-04-25T13:54:59.000Z","modified":"2026-04-25T13:54:59.000Z","valid_from":"2026-04-25T13:54:59.000Z","name":"https://zamknj.xagnnx.cn/gpajp/accunt/lginox/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zamknj.xagnnx.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048038064321331477"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2c9a46b-960f-51a3-9942-66b64eed3bbb","created":"2026-04-25T14:30:00.000Z","modified":"2026-04-25T14:30:00.000Z","valid_from":"2026-04-25T14:30:00.000Z","name":"8b4bf067ce212b01548137af6da1f57f","description":"IOC reported by @ReBensk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8b4bf067ce212b01548137af6da1f57f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ReBensk/status/2048047113142153378"}],"labels":["Android","Trojan","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfd8e496-975e-5b20-862f-573817f5e9e1","created":"2026-04-25T14:50:00.000Z","modified":"2026-04-25T14:50:00.000Z","valid_from":"2026-04-25T14:50:00.000Z","name":"hostednowhere.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hostednowhere.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2048052130192507293"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--85e4e1cf-97f2-5716-9eb5-773060ddd8af","created":"2026-04-25T14:50:00.000Z","modified":"2026-04-25T14:50:00.000Z","valid_from":"2026-04-25T14:50:00.000Z","name":"http://hostednowhere.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hostednowhere.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2048052130192507293"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--79d2b4cb-6d32-57ca-8367-e2d1a6a50027","created":"2026-04-25T15:00:00.000Z","modified":"2026-04-25T15:00:00.000Z","valid_from":"2026-04-25T15:00:00.000Z","name":"webapp-getdocumentodwnload-pacapp.malik-jaani786.workers.dev","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'webapp-getdocumentodwnload-pacapp.malik-jaani786.workers.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2048054426078724126"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9521b37a-7916-56cc-a2b5-b967703c56ab","created":"2026-04-25T15:00:00.000Z","modified":"2026-04-25T15:00:00.000Z","valid_from":"2026-04-25T15:00:00.000Z","name":"https://webapp-getdocumentodwnload-pacapp.malik-jaani786.workers.dev/?pdf_download3","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://webapp-getdocumentodwnload-pacapp.malik-jaani786.workers.dev/?pdf_download3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2048054426078724126"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52ace877-8c7c-5565-b985-8ce29090b4cf","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"nmc.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmc.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8b29cb2-bf2b-55aa-bed1-f4a78a094648","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"http://nmc.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nmc.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07527906-f847-58b6-adca-797dab8dc3e0","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"mp.pwd.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mp.pwd.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ba900c5-d53f-5e46-8cc6-3a7044cbca4d","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"http://mp.pwd.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mp.pwd.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--695ddcee-4b32-594f-9003-26717bcedfd1","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"rpf.hrms.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rpf.hrms.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1af1253e-971a-58a9-bbc7-24aea8ac1c84","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"http://rpf.hrms.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rpf.hrms.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c81714d-3415-5933-8cd1-9edc0628c3c0","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"irctc.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'irctc.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e562ca2-9662-5bca-8442-45ed81d8b1c7","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"http://irctc.govonline.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://irctc.govonline.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef22c055-258a-5753-85c8-5f70061ab1b3","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"http://115.124.108.190","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://115.124.108.190']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27d35f6e-4a82-58dc-a325-14eff60359a1","created":"2026-04-25T16:17:00.000Z","modified":"2026-04-25T16:17:00.000Z","valid_from":"2026-04-25T16:17:00.000Z","name":"115.124.108.190","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '115.124.108.190']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048073842187436201"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e191d02-fbf9-5d32-a360-886b67e9598e","created":"2026-04-25T17:43:00.000Z","modified":"2026-04-25T17:43:00.000Z","valid_from":"2026-04-25T17:43:00.000Z","name":"http://85.11.167.177/Yboats.arm7","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://85.11.167.177/Yboats.arm7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048095632515113182"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fee0474c-ee6e-58e0-8b5e-9dee91050d09","created":"2026-04-25T17:43:00.000Z","modified":"2026-04-25T17:43:00.000Z","valid_from":"2026-04-25T17:43:00.000Z","name":"130.12.180.78","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '130.12.180.78']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048095632515113182"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec5fbe44-2e78-5c9e-bbcb-0875ad797a61","created":"2026-04-25T17:43:00.000Z","modified":"2026-04-25T17:43:00.000Z","valid_from":"2026-04-25T17:43:00.000Z","name":"85.11.167.177","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.11.167.177']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048095632515113182"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--43a8e995-f2e7-5aa2-a1f3-1ba8ab6b5b81","created":"2026-04-25T17:43:00.000Z","modified":"2026-04-25T17:43:00.000Z","valid_from":"2026-04-25T17:43:00.000Z","name":"1f6956055553bf37ba73dd32dc50bbaa","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '1f6956055553bf37ba73dd32dc50bbaa']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048095632515113182"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--74ca8351-c76c-5de9-9b5f-17dac894ec94","created":"2026-04-25T18:00:00.000Z","modified":"2026-04-25T18:00:00.000Z","valid_from":"2026-04-25T18:00:00.000Z","name":"bigfile.navcloudstorage.n-e.kr","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bigfile.navcloudstorage.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2048099743025541384"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42d17d6a-c0d9-5a95-8658-8658a6d6976f","created":"2026-04-25T18:00:00.000Z","modified":"2026-04-25T18:00:00.000Z","valid_from":"2026-04-25T18:00:00.000Z","name":"http://bigfile.navcloudstorage.n-e.kr","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bigfile.navcloudstorage.n-e.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2048099743025541384"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30d13d9a-20df-5f66-b86d-f2e8f16c0463","created":"2026-04-25T18:00:00.000Z","modified":"2026-04-25T18:00:00.000Z","valid_from":"2026-04-25T18:00:00.000Z","name":"http://163.245.215.46","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://163.245.215.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2048099743025541384"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31757c9b-791e-52a5-8424-d411f57cbb59","created":"2026-04-25T18:00:00.000Z","modified":"2026-04-25T18:00:00.000Z","valid_from":"2026-04-25T18:00:00.000Z","name":"163.245.215.46","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.245.215.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2048099743025541384"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3968b99d-157d-5e56-bdbd-1c3ecaf7a9c1","created":"2026-04-25T19:09:14.000Z","modified":"2026-04-25T19:09:14.000Z","valid_from":"2026-04-25T19:09:14.000Z","name":"http://149.28.141.17/timesyncd/share/","description":"IOC reported by @JRoosen on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://149.28.141.17/timesyncd/share/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JRoosen/status/2048117144336961967"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--39ff3576-4cbf-5e04-a511-9a31918c8093","created":"2026-04-25T19:09:14.000Z","modified":"2026-04-25T19:09:14.000Z","valid_from":"2026-04-25T19:09:14.000Z","name":"149.28.141.17","description":"IOC reported by @JRoosen on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '149.28.141.17']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JRoosen/status/2048117144336961967"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c83813a1-595e-502c-8ce8-0234b38472a3","created":"2026-04-25T21:01:00.000Z","modified":"2026-04-25T21:01:00.000Z","valid_from":"2026-04-25T21:01:00.000Z","name":"cj597826.tw1.ru","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cj597826.tw1.ru']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048145505524289720"}],"labels":["AgentTesla"]},{"type":"indicator","spec_version":"2.1","id":"indicator--445a4291-26bd-5967-9561-dd39876ac800","created":"2026-04-25T21:01:00.000Z","modified":"2026-04-25T21:01:00.000Z","valid_from":"2026-04-25T21:01:00.000Z","name":"http://cj597826.tw1.ru","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cj597826.tw1.ru']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048145505524289720"}],"labels":["AgentTesla"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c08892d8-c5b7-5e2d-be8a-bcb02d622f53","created":"2026-04-25T21:17:00.000Z","modified":"2026-04-25T21:17:00.000Z","valid_from":"2026-04-25T21:17:00.000Z","name":"authorities-vessel-denver-indie.trycloudflare.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'authorities-vessel-denver-indie.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048149423058833783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--acec9502-fcf1-5570-ac6b-c764bf3472dc","created":"2026-04-25T21:17:00.000Z","modified":"2026-04-25T21:17:00.000Z","valid_from":"2026-04-25T21:17:00.000Z","name":"http://authorities-vessel-denver-indie.trycloudflare.com/ssadoc/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://authorities-vessel-denver-indie.trycloudflare.com/ssadoc/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048149423058833783"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f609440-72f0-5282-aef9-d814583677fe","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"uofficialerc5v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc5v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc49d526-2e94-545a-a1f1-0c51018420bd","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://uofficialerc5v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc5v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--264b9ba6-566b-580b-acda-6881294f57c7","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"nmethodsrc21v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmethodsrc21v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c0c97df-cba6-5bf8-82ef-a017438c4a76","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://nmethodsrc21v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nmethodsrc21v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ca770bf-a71c-54d4-b47c-80ade68f316b","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"erpolicies-21v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'erpolicies-21v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--da4e5508-347a-50ca-8aa6-2e5e1a337c33","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://erpolicies-21v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://erpolicies-21v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff0dea98-4a0b-5590-b76f-57f31481896f","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"polercm-55v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'polercm-55v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8284b39a-f158-588c-92db-86ef07697ebd","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://polercm-55v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://polercm-55v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd797205-dcf2-58a2-8342-4d0145350ec4","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"uofficialerc34v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc34v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4efb5166-3c21-5fdb-8f0a-48deb744ea3d","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://uofficialerc34v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc34v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--87935e9b-34df-55c7-887b-136a095f132d","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"uofficialerc20v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc20v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f49be0b2-16fb-5492-9040-2c93ea932be6","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://uofficialerc20v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc20v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--174c697a-781b-5bdb-93e8-5a171cddfb58","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"uofficialerc33v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc33v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5154d3e1-eaf3-5bb9-a999-9030503a59dc","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://uofficialerc33v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc33v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a134189-05c0-56b3-ba41-69f935b00859","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"uofficialerc45v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc45v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d266cad-31ee-509a-946d-387ebc958da3","created":"2026-04-25T21:32:00.000Z","modified":"2026-04-25T21:32:00.000Z","valid_from":"2026-04-25T21:32:00.000Z","name":"http://uofficialerc45v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc45v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153192563613921"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aab2807d-45d1-580e-becf-9f5c8297aeea","created":"2026-04-25T21:34:00.000Z","modified":"2026-04-25T21:34:00.000Z","valid_from":"2026-04-25T21:34:00.000Z","name":"agfsddfdfdfndesfr.forum","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'agfsddfdfdfndesfr.forum']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153684840796379"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a70d88ac-01bd-5a7d-844e-aac30bedce98","created":"2026-04-25T21:34:00.000Z","modified":"2026-04-25T21:34:00.000Z","valid_from":"2026-04-25T21:34:00.000Z","name":"http://agfsddfdfdfndesfr.forum","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://agfsddfdfdfndesfr.forum']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048153684840796379"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ffb59d4-a05d-54eb-ac9f-88ef1e5933e9","created":"2026-04-25T22:40:00.000Z","modified":"2026-04-25T22:40:00.000Z","valid_from":"2026-04-25T22:40:00.000Z","name":"http://163.61.39.140/hiddenbin/boatnet.mips","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://163.61.39.140/hiddenbin/boatnet.mips']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048170213082825187"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--74b5d7ca-cae1-5f91-a2fd-7fea28750da8","created":"2026-04-25T22:40:00.000Z","modified":"2026-04-25T22:40:00.000Z","valid_from":"2026-04-25T22:40:00.000Z","name":"163.61.39.140","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.61.39.140']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048170213082825187"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bdffd458-1486-5397-bb35-bc379894fcb8","created":"2026-04-25T22:40:00.000Z","modified":"2026-04-25T22:40:00.000Z","valid_from":"2026-04-25T22:40:00.000Z","name":"380c1a0da340b8c2aa6002616fcf7310","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '380c1a0da340b8c2aa6002616fcf7310']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048170213082825187"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--989f6956-37aa-5d78-9c71-8ae9b0e074ee","created":"2026-04-26T01:07:00.000Z","modified":"2026-04-26T01:07:00.000Z","valid_from":"2026-04-26T01:07:00.000Z","name":"cmdvitorborges.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cmdvitorborges.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048207321625497714"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d3db351-eb83-5e60-a69d-205b3b3ea9a2","created":"2026-04-26T01:07:00.000Z","modified":"2026-04-26T01:07:00.000Z","valid_from":"2026-04-26T01:07:00.000Z","name":"http://cmdvitorborges.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cmdvitorborges.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048207321625497714"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8074d609-327a-51a9-84a8-8947b8f78e57","created":"2026-04-26T01:07:00.000Z","modified":"2026-04-26T01:07:00.000Z","valid_from":"2026-04-26T01:07:00.000Z","name":"136.243.144.249","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '136.243.144.249']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048207321625497714"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3044872b-c5ad-5da8-a70a-11b27b91ec00","created":"2026-04-26T06:03:00.000Z","modified":"2026-04-26T06:03:00.000Z","valid_from":"2026-04-26T06:03:00.000Z","name":"greenwoodsinvestmentsltd.pro","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'greenwoodsinvestmentsltd.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048281696961745290"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e7a3db1-d32e-5a84-b0f0-e14c762ce462","created":"2026-04-26T06:03:00.000Z","modified":"2026-04-26T06:03:00.000Z","valid_from":"2026-04-26T06:03:00.000Z","name":"http://greenwoodsinvestmentsltd.pro","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://greenwoodsinvestmentsltd.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048281696961745290"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8afe383c-8aed-58df-a191-fc64347b4a49","created":"2026-04-26T09:17:00.000Z","modified":"2026-04-26T09:17:00.000Z","valid_from":"2026-04-26T09:17:00.000Z","name":"dsoqqcfd.vjxjrfyu.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsoqqcfd.vjxjrfyu.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048330734994420149"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f611528b-0dd2-59fb-8354-fc7b944de9c9","created":"2026-04-26T09:17:00.000Z","modified":"2026-04-26T09:17:00.000Z","valid_from":"2026-04-26T09:17:00.000Z","name":"https://dsoqqcfd.vjxjrfyu.cn/optmer-prefere_html/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dsoqqcfd.vjxjrfyu.cn/optmer-prefere_html/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048330734994420149"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2ff369a-a8e6-52bc-ac4a-32e8db4616dd","created":"2026-04-26T10:05:00.000Z","modified":"2026-04-26T10:05:00.000Z","valid_from":"2026-04-26T10:05:00.000Z","name":"50.16.16.211","description":"IOC reported by @404LABSx on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '50.16.16.211']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/404LABSx/status/2048342737120886922"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60e4336a-69b6-52b7-8eef-70d87e23f6f1","created":"2026-04-26T11:24:00.000Z","modified":"2026-04-26T11:24:00.000Z","valid_from":"2026-04-26T11:24:00.000Z","name":"4k6plf4h2cm2nco6ae3inrsxnmqgl6lllmwefydhnlcq4tuhwbj4qpad.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '4k6plf4h2cm2nco6ae3inrsxnmqgl6lllmwefydhnlcq4tuhwbj4qpad.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2048362508742975738"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a13fed92-388c-5710-942d-2648eb1fd345","created":"2026-04-26T11:24:00.000Z","modified":"2026-04-26T11:24:00.000Z","valid_from":"2026-04-26T11:24:00.000Z","name":"http://4k6plf4h2cm2nco6ae3inrsxnmqgl6lllmwefydhnlcq4tuhwbj4qpad.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://4k6plf4h2cm2nco6ae3inrsxnmqgl6lllmwefydhnlcq4tuhwbj4qpad.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2048362508742975738"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af600cbd-fad9-5639-9fba-7ccd7ebcb2b9","created":"2026-04-26T12:43:00.000Z","modified":"2026-04-26T12:43:00.000Z","valid_from":"2026-04-26T12:43:00.000Z","name":"176.65.139.143","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.65.139.143']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2048382400040743096"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b871d557-b2d1-5a17-9259-31491284306a","created":"2026-04-26T13:25:00.000Z","modified":"2026-04-26T13:25:00.000Z","valid_from":"2026-04-26T13:25:00.000Z","name":"zon123.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zon123.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048392934865916244"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de8777ae-b5d3-5136-8b7d-80ae18d1e3c6","created":"2026-04-26T13:25:00.000Z","modified":"2026-04-26T13:25:00.000Z","valid_from":"2026-04-26T13:25:00.000Z","name":"http://zon123.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://zon123.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048392934865916244"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0283cc40-b23a-57cc-a100-e33717f79a43","created":"2026-04-26T14:04:00.000Z","modified":"2026-04-26T14:04:00.000Z","valid_from":"2026-04-26T14:04:00.000Z","name":"pippahtohg6qgioqu3ixrsueefuw7thythmmeanyrgwn3eixcuu6jvqd.onion","description":"IOC reported by @AlvieriD on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pippahtohg6qgioqu3ixrsueefuw7thythmmeanyrgwn3eixcuu6jvqd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AlvieriD/status/2048402779467620710"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--876b065c-8d8c-5986-a2eb-afe898840388","created":"2026-04-26T14:04:00.000Z","modified":"2026-04-26T14:04:00.000Z","valid_from":"2026-04-26T14:04:00.000Z","name":"https://pippahtohg6qgioqu3ixrsueefuw7thythmmeanyrgwn3eixcuu6jvqd.onion","description":"IOC reported by @AlvieriD on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pippahtohg6qgioqu3ixrsueefuw7thythmmeanyrgwn3eixcuu6jvqd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AlvieriD/status/2048402779467620710"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ce32ac3-9d57-5e03-b224-b1e8183b65bf","created":"2026-04-26T14:15:00.000Z","modified":"2026-04-26T14:15:00.000Z","valid_from":"2026-04-26T14:15:00.000Z","name":"markhamkidsclinic.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'markhamkidsclinic.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048405527336738920"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--479429d0-dd0d-50cf-b6a6-aeea85305306","created":"2026-04-26T14:15:00.000Z","modified":"2026-04-26T14:15:00.000Z","valid_from":"2026-04-26T14:15:00.000Z","name":"http://markhamkidsclinic.com/o1234i678z","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://markhamkidsclinic.com/o1234i678z']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048405527336738920"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--329b5bcc-5fd8-5db5-92d6-02c25a41f098","created":"2026-04-26T14:15:00.000Z","modified":"2026-04-26T14:15:00.000Z","valid_from":"2026-04-26T14:15:00.000Z","name":"maxbarkod.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'maxbarkod.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048405527336738920"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fda2eb1-e95b-57e4-8674-911beca9fe4f","created":"2026-04-26T14:15:00.000Z","modified":"2026-04-26T14:15:00.000Z","valid_from":"2026-04-26T14:15:00.000Z","name":"http://maxbarkod.com/log/login.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://maxbarkod.com/log/login.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048405527336738920"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94223bfd-aa54-5c93-8119-463416288a4b","created":"2026-04-26T14:15:00.000Z","modified":"2026-04-26T14:15:00.000Z","valid_from":"2026-04-26T14:15:00.000Z","name":"http://maxbarkod.com/log/send_login.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://maxbarkod.com/log/send_login.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048405527336738920"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2a71f24-d36e-5927-b03f-bae5e3c92e96","created":"2026-04-26T14:26:00.000Z","modified":"2026-04-26T14:26:00.000Z","valid_from":"2026-04-26T14:26:00.000Z","name":"monopizzapos.online","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'monopizzapos.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048408321703731274"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39b63bba-9eef-508a-b7ed-c9b5391be70a","created":"2026-04-26T14:26:00.000Z","modified":"2026-04-26T14:26:00.000Z","valid_from":"2026-04-26T14:26:00.000Z","name":"http://monopizzapos.online/cgi/login.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://monopizzapos.online/cgi/login.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048408321703731274"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--836ca50c-62b0-5ce3-91d7-0b9af45240b6","created":"2026-04-26T15:44:00.000Z","modified":"2026-04-26T15:44:00.000Z","valid_from":"2026-04-26T15:44:00.000Z","name":"http://42.224.7.121:44950/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://42.224.7.121:44950/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048427969484304838"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9c25e4a-b826-5618-a618-e06dca357d75","created":"2026-04-26T15:44:00.000Z","modified":"2026-04-26T15:44:00.000Z","valid_from":"2026-04-26T15:44:00.000Z","name":"42.224.7.121","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '42.224.7.121']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048427969484304838"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d6d0cef-4fc9-5257-92c0-9a3faf07db3e","created":"2026-04-26T15:47:00.000Z","modified":"2026-04-26T15:47:00.000Z","valid_from":"2026-04-26T15:47:00.000Z","name":"http://83.168.110.191/cat.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://83.168.110.191/cat.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048428725658652942"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--25c79a23-feb9-5613-859d-a4b150a3e856","created":"2026-04-26T15:47:00.000Z","modified":"2026-04-26T15:47:00.000Z","valid_from":"2026-04-26T15:47:00.000Z","name":"176.65.139.140","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.65.139.140']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048428725658652942"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9d739d5-1138-517c-a2f0-852e2d794e35","created":"2026-04-26T15:47:00.000Z","modified":"2026-04-26T15:47:00.000Z","valid_from":"2026-04-26T15:47:00.000Z","name":"83.168.110.191","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '83.168.110.191']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048428725658652942"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f6b71ba-e75b-5852-b626-4ca6e63d765f","created":"2026-04-26T15:47:00.000Z","modified":"2026-04-26T15:47:00.000Z","valid_from":"2026-04-26T15:47:00.000Z","name":"dca40f08cc93bc2fba8e3f5fec18593f","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'dca40f08cc93bc2fba8e3f5fec18593f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048428725658652942"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--56e170b4-dc8f-52bf-b7be-bfc89ee7185a","created":"2026-04-26T16:00:00.000Z","modified":"2026-04-26T16:00:00.000Z","valid_from":"2026-04-26T16:00:00.000Z","name":"zimbra-nyatel-production.up.railway.app","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zimbra-nyatel-production.up.railway.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2048431910871875851"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0f86976-22d6-5ab5-848a-3a37ba4bc439","created":"2026-04-26T16:00:00.000Z","modified":"2026-04-26T16:00:00.000Z","valid_from":"2026-04-26T16:00:00.000Z","name":"https://zimbra-nyatel-production.up.railway.app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=1","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zimbra-nyatel-production.up.railway.app/login.html?gfjdliotrgojnghgherbegrehureert0e0ee=1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2048431910871875851"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0ff0c18-65c8-533f-862d-17a37ff07311","created":"2026-04-26T18:00:00.000Z","modified":"2026-04-26T18:00:00.000Z","valid_from":"2026-04-26T18:00:00.000Z","name":"http://31.58.220.250","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://31.58.220.250']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2048462127254696300"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02b22182-37dd-5aba-aeb7-b7ec6011cf9c","created":"2026-04-26T18:00:00.000Z","modified":"2026-04-26T18:00:00.000Z","valid_from":"2026-04-26T18:00:00.000Z","name":"31.58.220.250","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.58.220.250']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2048462127254696300"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c1a1583-065d-5ef4-b54f-2caca09202cd","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"jer.piexlt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jer.piexlt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--491cb32c-ee09-5449-bb7e-e975681e82d3","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"http://jer.piexlt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jer.piexlt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dac6420f-2689-55b8-9bdc-33a047b3db84","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"main.zeosshop.ir","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'main.zeosshop.ir']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ceb5244d-64e5-5a68-82c2-0f7f8e35e723","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"http://main.zeosshop.ir","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://main.zeosshop.ir']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--780df7ab-a70c-5538-a66c-99f6968af8d9","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"master.zeosshop.ir","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'master.zeosshop.ir']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffeced36-39bf-5eca-b4ef-79853f6f6739","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"http://master.zeosshop.ir","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://master.zeosshop.ir']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ef7457a-a7f8-5fa7-89bc-2a0a262b347a","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"servers.zeosshop.ir","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'servers.zeosshop.ir']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a41e4839-d04b-5150-9a84-d6fcd570fd98","created":"2026-04-26T18:10:00.000Z","modified":"2026-04-26T18:10:00.000Z","valid_from":"2026-04-26T18:10:00.000Z","name":"http://servers.zeosshop.ir","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://servers.zeosshop.ir']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048464654775541779"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3149db29-54c0-56d5-9a0f-307882a848bb","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"ncodccpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodccpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ab43a06-a58a-5d01-915c-b47211a28b38","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://ncodccpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodccpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6a638ea-9338-5ee3-945c-283db326181c","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"ncodcbpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodcbpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b24cff56-7e1a-5694-ac5c-6d768ccfcffa","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://ncodcbpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodcbpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62d233dc-217f-52b0-9f40-468cb9f2d0ad","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"ncodcapass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodcapass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c85fb4eb-3322-50b1-8c69-a8880b99b0a6","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://ncodcapass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodcapass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b3928e5-c388-5a86-8295-a91814fd85ce","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22fce9c6-921b-58d1-a937-cc871a4b8c77","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff47b6ef-e567-5bcd-b55f-a8852aef2c57","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"nid.ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85758904-9025-5d7e-99aa-176d41df111b","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://nid.ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc194fbe-578c-5d53-98b7-0aaf89d985af","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"nid.ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aaa3e7df-c72d-52b5-9491-558d089182bc","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://nid.ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bd2afd8-31ba-5111-bbdc-08469d2020ff","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"ncodbypass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbypass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94b31f8e-c46b-5323-a24e-a5ae34adb323","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://ncodbypass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbypass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93ccaa21-0353-5695-ac78-2334420d9b87","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10e4f74a-8d1a-55a4-b9d8-10cffa597e89","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bdf5f1aa-c9aa-5d40-9817-448070cd4ae8","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"ncodbvpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbvpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d6340d7-11a5-5136-870c-23870e134ee4","created":"2026-04-26T18:18:00.000Z","modified":"2026-04-26T18:18:00.000Z","valid_from":"2026-04-26T18:18:00.000Z","name":"http://ncodbvpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbvpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048466653331988537"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52e87f0d-346a-58ac-a9c0-007be20d9fe5","created":"2026-04-26T19:56:34.000Z","modified":"2026-04-26T19:56:34.000Z","valid_from":"2026-04-26T19:56:34.000Z","name":"previous-everywhere-achieving-bobby.trycloudflare.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'previous-everywhere-achieving-bobby.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048491443971305619"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--820c9960-0e85-564a-b5d4-e9bbf3f2b3f7","created":"2026-04-26T19:56:34.000Z","modified":"2026-04-26T19:56:34.000Z","valid_from":"2026-04-26T19:56:34.000Z","name":"http://previous-everywhere-achieving-bobby.trycloudflare.com/IGhhbmR5IG9ubGluZSB,0b29sIHRvIGVuY29kZSBvciBkZWNvZGUgeW91/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://previous-everywhere-achieving-bobby.trycloudflare.com/IGhhbmR5IG9ubGluZSB,0b29sIHRvIGVuY29kZSBvciBkZWNvZGUgeW91/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048491443971305619"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ac705ab-4cd0-57f6-92c5-a35e06187e60","created":"2026-04-26T20:01:00.000Z","modified":"2026-04-26T20:01:00.000Z","valid_from":"2026-04-26T20:01:00.000Z","name":"deposit-crew-appointed-princess.trycloudflare.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'deposit-crew-appointed-princess.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048492627096404397"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--542036bd-9442-5f8f-9201-05845177f57c","created":"2026-04-26T20:01:00.000Z","modified":"2026-04-26T20:01:00.000Z","valid_from":"2026-04-26T20:01:00.000Z","name":"http://deposit-crew-appointed-princess.trycloudflare.com/xxace36/26sc/web/mail.php","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://deposit-crew-appointed-princess.trycloudflare.com/xxace36/26sc/web/mail.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048492627096404397"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34cef663-cbc4-5853-88ac-1f9fffcae74f","created":"2026-04-26T20:41:00.000Z","modified":"2026-04-26T20:41:00.000Z","valid_from":"2026-04-26T20:41:00.000Z","name":"smartbenefits.site","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'smartbenefits.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048502759331389910"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e92d24f8-d881-5f48-b5ad-84c5a362404f","created":"2026-04-26T20:41:00.000Z","modified":"2026-04-26T20:41:00.000Z","valid_from":"2026-04-26T20:41:00.000Z","name":"http://smartbenefits.site","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://smartbenefits.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048502759331389910"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f35bcc92-2f0a-577e-94d2-75ba3f8fff83","created":"2026-04-26T20:41:00.000Z","modified":"2026-04-26T20:41:00.000Z","valid_from":"2026-04-26T20:41:00.000Z","name":"cartspecials.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cartspecials.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048502759331389910"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b80a0c63-8e7d-5589-8141-6395b847e665","created":"2026-04-26T20:41:00.000Z","modified":"2026-04-26T20:41:00.000Z","valid_from":"2026-04-26T20:41:00.000Z","name":"http://cartspecials.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cartspecials.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048502759331389910"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36f9f734-5723-519a-ab8c-bfe9fecda9b7","created":"2026-04-26T23:28:00.000Z","modified":"2026-04-26T23:28:00.000Z","valid_from":"2026-04-26T23:28:00.000Z","name":"iepvirgendecopacabana.com","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iepvirgendecopacabana.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2048544885494747285"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92fb8eb7-d500-517c-aca9-956f964bc5f8","created":"2026-04-26T23:28:00.000Z","modified":"2026-04-26T23:28:00.000Z","valid_from":"2026-04-26T23:28:00.000Z","name":"https://iepvirgendecopacabana.com/cgibin/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://iepvirgendecopacabana.com/cgibin/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2048544885494747285"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cad9d67-4489-5b7f-b37c-1606bf137687","created":"2026-04-26T23:28:00.000Z","modified":"2026-04-26T23:28:00.000Z","valid_from":"2026-04-26T23:28:00.000Z","name":"https://iepvirgendecopacabana.com/htaccess/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://iepvirgendecopacabana.com/htaccess/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2048544885494747285"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f46d4ebf-5a2a-5676-8f7a-1e505558a0f0","created":"2026-04-27T00:57:00.000Z","modified":"2026-04-27T00:57:00.000Z","valid_from":"2026-04-27T00:57:00.000Z","name":"b3bf26bfbf7aec43379523bd18b1ec16","description":"IOC reported by @G60930953 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'b3bf26bfbf7aec43379523bd18b1ec16']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/G60930953/status/2048567059684942207"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c693a50-f1a2-50ed-a6bb-86b8c720f077","created":"2026-04-27T00:58:00.000Z","modified":"2026-04-27T00:58:00.000Z","valid_from":"2026-04-27T00:58:00.000Z","name":"http://87.121.79.73/ok","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://87.121.79.73/ok']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048567388187025858"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--623dc16a-9f4c-520e-aa98-3e01e9c386c5","created":"2026-04-27T00:58:00.000Z","modified":"2026-04-27T00:58:00.000Z","valid_from":"2026-04-27T00:58:00.000Z","name":"87.121.84.136","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '87.121.84.136']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048567388187025858"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1224f8d-4322-50a3-b207-d21ca84d9991","created":"2026-04-27T00:58:00.000Z","modified":"2026-04-27T00:58:00.000Z","valid_from":"2026-04-27T00:58:00.000Z","name":"87.121.79.73","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '87.121.79.73']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048567388187025858"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecba1679-c410-5f62-8e3f-78257c66bddf","created":"2026-04-27T00:58:00.000Z","modified":"2026-04-27T00:58:00.000Z","valid_from":"2026-04-27T00:58:00.000Z","name":"d6fc1b8c97634893b5638fa39f47b89f","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'd6fc1b8c97634893b5638fa39f47b89f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2048567388187025858"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--964be172-0b92-557f-a4dc-844ccded33a9","created":"2026-04-27T01:28:00.000Z","modified":"2026-04-27T01:28:00.000Z","valid_from":"2026-04-27T01:28:00.000Z","name":"login.b9l6kfqw.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.b9l6kfqw.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048574924068118575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65f2e513-c8ff-5abf-9809-9bf46ed594b4","created":"2026-04-27T01:28:00.000Z","modified":"2026-04-27T01:28:00.000Z","valid_from":"2026-04-27T01:28:00.000Z","name":"https://login.b9l6kfqw.shop/login","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.b9l6kfqw.shop/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048574924068118575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b3960e3-62cd-5a24-85f2-e2b00cdd1026","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"http://94.126.224.99","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.126.224.99']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1055a6cf-31f3-584f-81fa-776c6bd18816","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"mofa-go-np.direct880.net","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mofa-go-np.direct880.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23d0aaa0-9afb-5f41-8b16-b397588ea34c","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"http://mofa-go-np.direct880.net","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mofa-go-np.direct880.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac225bd0-51fa-5f16-9236-fc17733d78d5","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"mofa-gov-np.direct880.net","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mofa-gov-np.direct880.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c07c15ad-e85d-5af7-92e2-89d57257cc65","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"http://mofa-gov-np.direct880.net","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mofa-gov-np.direct880.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70cd2ed8-1662-5db3-9a88-d08670578d01","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"pakun-org.direct880.net","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pakun-org.direct880.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae23eb2b-6f2c-5e18-8a5b-53dc07a3c9ab","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"http://pakun-org.direct880.net","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pakun-org.direct880.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cfffa5f-39bc-5a58-8680-d696e6358f5f","created":"2026-04-27T02:54:00.000Z","modified":"2026-04-27T02:54:00.000Z","valid_from":"2026-04-27T02:54:00.000Z","name":"94.126.224.99","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.126.224.99']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2048596656141340906"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3505883b-c0ee-5362-a782-941265d229ce","created":"2026-04-27T04:37:00.000Z","modified":"2026-04-27T04:37:00.000Z","valid_from":"2026-04-27T04:37:00.000Z","name":"nodu1718.odns.fr","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nodu1718.odns.fr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048622601094742217"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--289b09de-6e76-568e-b3a0-213ae183263e","created":"2026-04-27T04:37:00.000Z","modified":"2026-04-27T04:37:00.000Z","valid_from":"2026-04-27T04:37:00.000Z","name":"http://nodu1718.odns.fr/sjssjdj/alibaba/","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nodu1718.odns.fr/sjssjdj/alibaba/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048622601094742217"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f99d4e0-b496-5eda-b782-cd6da3f43c69","created":"2026-04-27T04:37:00.000Z","modified":"2026-04-27T04:37:00.000Z","valid_from":"2026-04-27T04:37:00.000Z","name":"109.234.164.139","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '109.234.164.139']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048622601094742217"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--666fc5af-ccca-529d-95bc-629979bf6a17","created":"2026-04-27T05:12:00.000Z","modified":"2026-04-27T05:12:00.000Z","valid_from":"2026-04-27T05:12:00.000Z","name":"5f44fb80dc20da875b4f7470e519e29f","description":"IOC reported by @prasad_dhakad on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '5f44fb80dc20da875b4f7470e519e29f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/prasad_dhakad/status/2048631468726100315"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--826238e4-3943-5a74-a747-b60b66a3d879","created":"2026-04-27T05:19:00.000Z","modified":"2026-04-27T05:19:00.000Z","valid_from":"2026-04-27T05:19:00.000Z","name":"https://rushadventure.com/cart/Pd1qtLn3XGYvDOdEKDTQ0","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rushadventure.com/cart/Pd1qtLn3XGYvDOdEKDTQ0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048633016021631347"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f670084-4a22-50d5-ae1b-eb3171072948","created":"2026-04-27T05:19:00.000Z","modified":"2026-04-27T05:19:00.000Z","valid_from":"2026-04-27T05:19:00.000Z","name":"34.146.190.224","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.146.190.224']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048633016021631347"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c11d0d5-ca3e-558c-a1e7-351f3f25f869","created":"2026-04-27T05:20:00.000Z","modified":"2026-04-27T05:20:00.000Z","valid_from":"2026-04-27T05:20:00.000Z","name":"rushadventure.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rushadventure.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048633302719058241"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60388b10-269a-5888-a236-e8d834c7a54d","created":"2026-04-27T05:20:00.000Z","modified":"2026-04-27T05:20:00.000Z","valid_from":"2026-04-27T05:20:00.000Z","name":"https://rushadventure.com/goods/vT0nkA3OdO9p5CbP4fwfS","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rushadventure.com/goods/vT0nkA3OdO9p5CbP4fwfS']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048633302719058241"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--092dd827-1570-5cc6-9824-8c8b4a5006dd","created":"2026-04-27T05:20:00.000Z","modified":"2026-04-27T05:20:00.000Z","valid_from":"2026-04-27T05:20:00.000Z","name":"35.200.36.49","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.200.36.49']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048633302719058241"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e08184b-1dde-51e1-a438-e4f483656481","created":"2026-04-27T05:20:00.000Z","modified":"2026-04-27T05:20:00.000Z","valid_from":"2026-04-27T05:20:00.000Z","name":"43.167.158.31","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.167.158.31']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048633302719058241"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb4848f3-90be-5bb2-bcbd-854667b7cdcc","created":"2026-04-27T05:33:00.000Z","modified":"2026-04-27T05:33:00.000Z","valid_from":"2026-04-27T05:33:00.000Z","name":"bwymenu.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bwymenu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636617435525508"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fbb6fe5-de8c-542a-a22e-f9a0dbf090ec","created":"2026-04-27T05:33:00.000Z","modified":"2026-04-27T05:33:00.000Z","valid_from":"2026-04-27T05:33:00.000Z","name":"https://bwymenu.com/read/odtgzw","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bwymenu.com/read/odtgzw']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636617435525508"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5239306e-8258-5575-86a2-33b5dd2cb177","created":"2026-04-27T05:33:00.000Z","modified":"2026-04-27T05:33:00.000Z","valid_from":"2026-04-27T05:33:00.000Z","name":"34.179.152.198","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.179.152.198']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636617435525508"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--146f664e-8039-5bd5-8947-47162ab23a7a","created":"2026-04-27T05:33:00.000Z","modified":"2026-04-27T05:33:00.000Z","valid_from":"2026-04-27T05:33:00.000Z","name":"43.167.162.143","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.167.162.143']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636617435525508"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d01cc4f-d2c5-55bf-ba4a-515042dfcda0","created":"2026-04-27T05:33:00.000Z","modified":"2026-04-27T05:33:00.000Z","valid_from":"2026-04-27T05:33:00.000Z","name":"https://sfht.mobi/kokiy1/","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sfht.mobi/kokiy1/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636623055962233"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b87a134a-6d53-50fb-ba4e-fc1835061ed4","created":"2026-04-27T05:34:00.000Z","modified":"2026-04-27T05:34:00.000Z","valid_from":"2026-04-27T05:34:00.000Z","name":"haikek.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'haikek.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636940279595352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50afa877-93c8-544f-8fbc-e20f26a25758","created":"2026-04-27T05:34:00.000Z","modified":"2026-04-27T05:34:00.000Z","valid_from":"2026-04-27T05:34:00.000Z","name":"https://haikek.com/awapsf/redirect","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://haikek.com/awapsf/redirect']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636940279595352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eca5b9e5-d227-5b3a-a394-eb8adedc759c","created":"2026-04-27T05:34:00.000Z","modified":"2026-04-27T05:34:00.000Z","valid_from":"2026-04-27T05:34:00.000Z","name":"sfht.mobi","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sfht.mobi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636940279595352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1760559-080e-56dd-b07b-51df925c4533","created":"2026-04-27T05:34:00.000Z","modified":"2026-04-27T05:34:00.000Z","valid_from":"2026-04-27T05:34:00.000Z","name":"https://sfht.mobi/kokiy1","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sfht.mobi/kokiy1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636940279595352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef472b5c-ae72-5179-8690-4e68c9faa318","created":"2026-04-27T05:34:00.000Z","modified":"2026-04-27T05:34:00.000Z","valid_from":"2026-04-27T05:34:00.000Z","name":"34.182.190.206","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.182.190.206']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636940279595352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7fdf58bb-6c2a-5df9-ae7b-bc60261a9399","created":"2026-04-27T05:34:00.000Z","modified":"2026-04-27T05:34:00.000Z","valid_from":"2026-04-27T05:34:00.000Z","name":"43.153.172.251","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.153.172.251']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048636940279595352"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36f9f734-5723-519a-ab8c-bfe9fecda9b7","created":"2026-04-27T05:35:11.000Z","modified":"2026-04-27T05:35:11.000Z","valid_from":"2026-04-27T05:35:11.000Z","name":"iepvirgendecopacabana.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iepvirgendecopacabana.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048637060919996814"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--92fb8eb7-d500-517c-aca9-956f964bc5f8","created":"2026-04-27T05:35:11.000Z","modified":"2026-04-27T05:35:11.000Z","valid_from":"2026-04-27T05:35:11.000Z","name":"https://iepvirgendecopacabana.com/cgibin/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://iepvirgendecopacabana.com/cgibin/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048637060919996814"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cad9d67-4489-5b7f-b37c-1606bf137687","created":"2026-04-27T05:35:11.000Z","modified":"2026-04-27T05:35:11.000Z","valid_from":"2026-04-27T05:35:11.000Z","name":"https://iepvirgendecopacabana.com/htaccess/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://iepvirgendecopacabana.com/htaccess/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048637060919996814"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--33d197c0-2fa9-5bdf-aea7-89c307441ac2","created":"2026-04-27T05:37:00.000Z","modified":"2026-04-27T05:37:00.000Z","valid_from":"2026-04-27T05:37:00.000Z","name":"38.76.193.60","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.76.193.60']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048637515507106100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a060390b-7fd0-53a9-bebb-32e739e7e597","created":"2026-04-27T05:37:00.000Z","modified":"2026-04-27T05:37:00.000Z","valid_from":"2026-04-27T05:37:00.000Z","name":"143.92.51.15","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '143.92.51.15']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048637515507106100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6037ce1c-d8f3-5915-84e3-b2f39aa6a628","created":"2026-04-27T05:37:00.000Z","modified":"2026-04-27T05:37:00.000Z","valid_from":"2026-04-27T05:37:00.000Z","name":"154.23.185.75","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '154.23.185.75']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048637515507106100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b48778ad-416e-5227-ab5f-e020cf14c2bd","created":"2026-04-27T05:37:00.000Z","modified":"2026-04-27T05:37:00.000Z","valid_from":"2026-04-27T05:37:00.000Z","name":"156.247.41.12","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '156.247.41.12']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048637515507106100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--187be8a4-c510-5822-b445-0839bb92999b","created":"2026-04-27T05:37:00.000Z","modified":"2026-04-27T05:37:00.000Z","valid_from":"2026-04-27T05:37:00.000Z","name":"192.238.184.216","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.238.184.216']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048637515507106100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--92c437e6-27f8-550d-bc1a-3fbd638a3fb7","created":"2026-04-27T05:38:00.000Z","modified":"2026-04-27T05:38:00.000Z","valid_from":"2026-04-27T05:38:00.000Z","name":"login.guf792lp.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.guf792lp.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048637920891072891"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1b44371-e720-5565-b0ca-5a03c32eb276","created":"2026-04-27T05:38:00.000Z","modified":"2026-04-27T05:38:00.000Z","valid_from":"2026-04-27T05:38:00.000Z","name":"https://login.guf792lp.shop/login","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.guf792lp.shop/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048637920891072891"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f19910ad-342b-5dbe-a690-b517832d9218","created":"2026-04-27T05:45:00.000Z","modified":"2026-04-27T05:45:00.000Z","valid_from":"2026-04-27T05:45:00.000Z","name":"dhlnorth.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dhlnorth.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048639773473182103"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d7ce367-6486-5d7d-9c84-6e9b3489efc8","created":"2026-04-27T05:45:00.000Z","modified":"2026-04-27T05:45:00.000Z","valid_from":"2026-04-27T05:45:00.000Z","name":"https://dhlnorth.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dhlnorth.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048639773473182103"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc2249f2-cc75-5975-a093-26c7ffc6ef60","created":"2026-04-27T05:45:00.000Z","modified":"2026-04-27T05:45:00.000Z","valid_from":"2026-04-27T05:45:00.000Z","name":"146.56.133.79","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '146.56.133.79']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048639773473182103"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c54dfdae-619b-5689-8f76-7edd52295420","created":"2026-04-27T06:37:00.000Z","modified":"2026-04-27T06:37:00.000Z","valid_from":"2026-04-27T06:37:00.000Z","name":"148.113.136.44","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '148.113.136.44']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2048652847827603916"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18ae01e1-9a6a-5a2c-95a9-b5fd946ddc77","created":"2026-04-27T06:42:00.000Z","modified":"2026-04-27T06:42:00.000Z","valid_from":"2026-04-27T06:42:00.000Z","name":"mountainviewnursery.online","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mountainviewnursery.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654115849617635"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db4c958a-8b25-5a53-af16-637c1cce19cb","created":"2026-04-27T06:42:00.000Z","modified":"2026-04-27T06:42:00.000Z","valid_from":"2026-04-27T06:42:00.000Z","name":"https://mountainviewnursery.online","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mountainviewnursery.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654115849617635"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e373814-b092-50f0-8806-5701f5911a04","created":"2026-04-27T06:42:00.000Z","modified":"2026-04-27T06:42:00.000Z","valid_from":"2026-04-27T06:42:00.000Z","name":"ktoshi110.github.io","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ktoshi110.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654115849617635"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96b76ed1-ca06-5f1f-aea9-d07593fe1282","created":"2026-04-27T06:42:00.000Z","modified":"2026-04-27T06:42:00.000Z","valid_from":"2026-04-27T06:42:00.000Z","name":"https://ktoshi110.github.io/Amazons/","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ktoshi110.github.io/Amazons/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654115849617635"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7dbd882d-ed28-540a-bec8-e27dbd5b9988","created":"2026-04-27T06:42:00.000Z","modified":"2026-04-27T06:42:00.000Z","valid_from":"2026-04-27T06:42:00.000Z","name":"193.239.151.204","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.239.151.204']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654115849617635"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb96651b-1fb7-5c1e-a3f4-c854ef0d749f","created":"2026-04-27T06:44:00.000Z","modified":"2026-04-27T06:44:00.000Z","valid_from":"2026-04-27T06:44:00.000Z","name":"https://hongkewood.com/6WDicTOgYw.info.jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hongkewood.com/6WDicTOgYw.info.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654601835221159"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad4725e2-b901-56ef-a47c-fae63c93719d","created":"2026-04-27T06:44:00.000Z","modified":"2026-04-27T06:44:00.000Z","valid_from":"2026-04-27T06:44:00.000Z","name":"beachwearcostumi.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'beachwearcostumi.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654601835221159"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d90402f2-9a9f-57a6-8f13-c76171e59aba","created":"2026-04-27T06:44:00.000Z","modified":"2026-04-27T06:44:00.000Z","valid_from":"2026-04-27T06:44:00.000Z","name":"https://beachwearcostumi.com/bzkwzaws","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://beachwearcostumi.com/bzkwzaws']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654601835221159"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bccb9bf2-85b0-540a-a7e1-19a9a98bea9b","created":"2026-04-27T06:44:00.000Z","modified":"2026-04-27T06:44:00.000Z","valid_from":"2026-04-27T06:44:00.000Z","name":"35.233.191.151","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.233.191.151']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048654601835221159"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4ce9ed43-b05c-5791-ae5b-b7f61a297014","created":"2026-04-27T06:46:00.000Z","modified":"2026-04-27T06:46:00.000Z","valid_from":"2026-04-27T06:46:00.000Z","name":"207.56.30.160","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '207.56.30.160']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2048655094300975563"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eddc6853-475d-584a-bae5-19896f1f79c0","created":"2026-04-27T06:46:00.000Z","modified":"2026-04-27T06:46:00.000Z","valid_from":"2026-04-27T06:46:00.000Z","name":"d944876d729809b6933ee4797afbed840d28988b68f6726be255fdf8dd799a37","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd944876d729809b6933ee4797afbed840d28988b68f6726be255fdf8dd799a37']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2048655094300975563"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0850ef7f-5dae-52c2-934d-3d49dfa1f64d","created":"2026-04-27T06:46:00.000Z","modified":"2026-04-27T06:46:00.000Z","valid_from":"2026-04-27T06:46:00.000Z","name":"ea16a69793d30869b687b607995764805c36f06b7f4205872375e9cac38662d7","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'ea16a69793d30869b687b607995764805c36f06b7f4205872375e9cac38662d7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2048655094300975563"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0c97668-4fdf-5872-b49b-b8a35d797a02","created":"2026-04-27T06:46:00.000Z","modified":"2026-04-27T06:46:00.000Z","valid_from":"2026-04-27T06:46:00.000Z","name":"https://steamcommunity.com/profiles/76561198709529056","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://steamcommunity.com/profiles/76561198709529056']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048655046028439966"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4f53ee0-9c9e-51dd-87f6-2f440046ac87","created":"2026-04-27T06:46:00.000Z","modified":"2026-04-27T06:46:00.000Z","valid_from":"2026-04-27T06:46:00.000Z","name":"https://telegram.me/b8bz11","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://telegram.me/b8bz11']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048655046028439966"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--390907a4-ec32-5522-bb16-4db24f5dce6e","created":"2026-04-27T06:46:00.000Z","modified":"2026-04-27T06:46:00.000Z","valid_from":"2026-04-27T06:46:00.000Z","name":"yxwhzmysgs.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yxwhzmysgs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048655094305243268"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae719dd6-a545-5066-89f3-1287b93ccb25","created":"2026-04-27T06:46:00.000Z","modified":"2026-04-27T06:46:00.000Z","valid_from":"2026-04-27T06:46:00.000Z","name":"https://yxwhzmysgs.com/OONOHZy5tm.digital","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://yxwhzmysgs.com/OONOHZy5tm.digital']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048655094305243268"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--250923bb-6889-5cde-826b-dd2abbeaf937","created":"2026-04-27T06:48:00.000Z","modified":"2026-04-27T06:48:00.000Z","valid_from":"2026-04-27T06:48:00.000Z","name":"hongkewood.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hongkewood.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048655579259040035"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a26d3c0b-ac53-5a0c-98d4-4b039cf36cbf","created":"2026-04-27T06:48:00.000Z","modified":"2026-04-27T06:48:00.000Z","valid_from":"2026-04-27T06:48:00.000Z","name":"https://hongkewood.com/UHUAJOkG0a.company","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hongkewood.com/UHUAJOkG0a.company']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048655579259040035"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e31d6889-ac87-586b-9ede-810bcd195af3","created":"2026-04-27T06:48:00.000Z","modified":"2026-04-27T06:48:00.000Z","valid_from":"2026-04-27T06:48:00.000Z","name":"35.236.104.208","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.236.104.208']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048655579259040035"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40a37f3f-1c34-57cf-ac45-5aef3d99b496","created":"2026-04-27T06:48:00.000Z","modified":"2026-04-27T06:48:00.000Z","valid_from":"2026-04-27T06:48:00.000Z","name":"43.133.191.80","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.133.191.80']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048655579259040035"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--95f97cc6-3d30-5e88-a050-5f7a2db287fd","created":"2026-04-27T06:50:00.000Z","modified":"2026-04-27T06:50:00.000Z","valid_from":"2026-04-27T06:50:00.000Z","name":"gamingchaircheap.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gamingchaircheap.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048656033980280955"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a3665c3-a513-5b38-af7a-bd3a9031010c","created":"2026-04-27T06:50:00.000Z","modified":"2026-04-27T06:50:00.000Z","valid_from":"2026-04-27T06:50:00.000Z","name":"https://gamingchaircheap.com/?track=Ozp90nsDnouw","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gamingchaircheap.com/?track=Ozp90nsDnouw']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048656033980280955"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1060b5d-f0c5-5d5d-b4ef-0d64523e9509","created":"2026-04-27T06:50:00.000Z","modified":"2026-04-27T06:50:00.000Z","valid_from":"2026-04-27T06:50:00.000Z","name":"192.119.111.222","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.119.111.222']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048656033980280955"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9eeca566-8e6c-5911-af68-36aefcc0a6ee","created":"2026-04-27T06:52:00.000Z","modified":"2026-04-27T06:52:00.000Z","valid_from":"2026-04-27T06:52:00.000Z","name":"hombreropa.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hombreropa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048656414722408553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fe22330-4f06-5a3c-b405-4bdc34ad8b3a","created":"2026-04-27T06:52:00.000Z","modified":"2026-04-27T06:52:00.000Z","valid_from":"2026-04-27T06:52:00.000Z","name":"https://hombreropa.com/media/nQiEGaeVRRY-.xml","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hombreropa.com/media/nQiEGaeVRRY-.xml']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048656414722408553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc92f45c-3efd-5877-a737-0bef0c56618e","created":"2026-04-27T06:52:00.000Z","modified":"2026-04-27T06:52:00.000Z","valid_from":"2026-04-27T06:52:00.000Z","name":"192.236.146.83","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.236.146.83']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048656414722408553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3548474e-25da-5c9e-82c2-7ed700d5f1f6","created":"2026-04-27T06:52:00.000Z","modified":"2026-04-27T06:52:00.000Z","valid_from":"2026-04-27T06:52:00.000Z","name":"43.133.164.105","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.133.164.105']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048656414722408553"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97f94185-3dd2-5503-98f9-2938d58d8efa","created":"2026-04-27T06:59:00.000Z","modified":"2026-04-27T06:59:00.000Z","valid_from":"2026-04-27T06:59:00.000Z","name":"www-pay.zhn-wap-hth.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www-pay.zhn-wap-hth.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048658152523272698"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b57992df-8011-5611-aede-e892e2f8e663","created":"2026-04-27T06:59:00.000Z","modified":"2026-04-27T06:59:00.000Z","valid_from":"2026-04-27T06:59:00.000Z","name":"https://www-pay.zhn-wap-hth.com/?TYQc1puZ.jpg","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www-pay.zhn-wap-hth.com/?TYQc1puZ.jpg']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048658152523272698"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca237239-755a-520b-b518-0e81fcae9be1","created":"2026-04-27T06:59:00.000Z","modified":"2026-04-27T06:59:00.000Z","valid_from":"2026-04-27T06:59:00.000Z","name":"35.204.194.92","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.204.194.92']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048658152523272698"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5372b894-bc31-53d3-b4a2-ff322709c9a7","created":"2026-04-27T07:05:00.000Z","modified":"2026-04-27T07:05:00.000Z","valid_from":"2026-04-27T07:05:00.000Z","name":"www2-pay.download-home-kaiyun.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www2-pay.download-home-kaiyun.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048659743636676743"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--55cd7664-993f-5d87-b182-b2cb68ec3ee2","created":"2026-04-27T07:05:00.000Z","modified":"2026-04-27T07:05:00.000Z","valid_from":"2026-04-27T07:05:00.000Z","name":"https://www2-pay.download-home-kaiyun.com/?fl9DdDjw.jpg","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www2-pay.download-home-kaiyun.com/?fl9DdDjw.jpg']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048659743636676743"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ebea8b2-4399-5a0c-a6fa-36f25b48475b","created":"2026-04-27T07:05:00.000Z","modified":"2026-04-27T07:05:00.000Z","valid_from":"2026-04-27T07:05:00.000Z","name":"34.178.117.125","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.178.117.125']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048659743636676743"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--54da754a-0dbb-5e49-bc57-9e200a799e9d","created":"2026-04-27T07:05:00.000Z","modified":"2026-04-27T07:05:00.000Z","valid_from":"2026-04-27T07:05:00.000Z","name":"https://login.guf792lp.shop/mxh7ysng?_t=TA4qiO51OBD9pcHJj7jltfHiLdYoDiDTzV0DA1XWaCs","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.guf792lp.shop/mxh7ysng?_t=TA4qiO51OBD9pcHJj7jltfHiLdYoDiDTzV0DA1XWaCs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048659745620545771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42807cfe-ea11-591e-acf6-0aef7d95429f","created":"2026-04-27T07:07:00.000Z","modified":"2026-04-27T07:07:00.000Z","valid_from":"2026-04-27T07:07:00.000Z","name":"aeb2cbf7f7031467d99c6fa29318bd51642ed5ff46b20458baab8fb2ef671f28","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'aeb2cbf7f7031467d99c6fa29318bd51642ed5ff46b20458baab8fb2ef671f28']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2048660186722869507"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0bf487b9-5915-58f9-854d-6809f4ac5619","created":"2026-04-27T07:10:00.000Z","modified":"2026-04-27T07:10:00.000Z","valid_from":"2026-04-27T07:10:00.000Z","name":"toothbased.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'toothbased.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048661169339305996"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e19f113-102b-59f6-982b-b1e561924151","created":"2026-04-27T07:10:00.000Z","modified":"2026-04-27T07:10:00.000Z","valid_from":"2026-04-27T07:10:00.000Z","name":"https://toothbased.com/?type=verify&key=wotdhwafcg","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://toothbased.com/?type=verify&key=wotdhwafcg']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048661169339305996"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b38e310-6023-5bf3-b5c1-b17534dc41cd","created":"2026-04-27T07:10:00.000Z","modified":"2026-04-27T07:10:00.000Z","valid_from":"2026-04-27T07:10:00.000Z","name":"158.101.137.3","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '158.101.137.3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2048661169339305996"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83a30107-59ca-5301-b01e-977a2c6ea712","created":"2026-04-27T07:52:00.000Z","modified":"2026-04-27T07:52:00.000Z","valid_from":"2026-04-27T07:52:00.000Z","name":"zyisykm.shop","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zyisykm.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2048671502443180444"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a535bcd9-c81b-53a5-9587-8bf345929e2c","created":"2026-04-27T07:52:00.000Z","modified":"2026-04-27T07:52:00.000Z","valid_from":"2026-04-27T07:52:00.000Z","name":"https://zyisykm.shop","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zyisykm.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2048671502443180444"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--05aa432b-fe37-57e3-83f2-844cc24be4bf","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"indiagov.shop","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'indiagov.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf628517-d9b3-5cc9-9a4a-44249821f1cd","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://indiagov.shop","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://indiagov.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0a5b766-83f3-58ce-b7f5-86c3c64a100e","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"xhxz.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xhxz.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fdd73ec-7a3c-5f0f-9934-808f6af2350f","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://xhxz.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xhxz.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2be9165c-b0a0-5e54-b146-070c8d8e93a1","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"kjrywrzx.shop","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kjrywrzx.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--055a3ae8-3878-59f0-843b-398acdaa8b2b","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://kjrywrzx.shop","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kjrywrzx.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e2a1efe-a875-5c0d-be92-e180fbbea749","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"gooomld.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gooomld.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fcd8571-ec26-5dfb-8d2c-31fb7e15b2f2","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://gooomld.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gooomld.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8715000a-e037-55b3-8330-4fd4575001fe","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"goolmor.cyou","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'goolmor.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c608c51a-082b-5c54-97c8-351a38f95a93","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://goolmor.cyou","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://goolmor.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--726a9126-84d1-5b45-921a-6ed31a3ed16a","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"fgsdol.icu","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fgsdol.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9222af7b-a5d3-5e93-bc6c-d309fa733e4d","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://fgsdol.icu","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fgsdol.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f9c2686-1b75-5c0c-a7a4-f570aa2a58ad","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"vsdnk.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vsdnk.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a58ba0b7-361b-5068-93cd-7dc0e611439a","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://vsdnk.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vsdnk.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f051b88-dc43-5517-8c71-f158aca96dc0","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"gooomoel.shop","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gooomoel.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--781b2084-4c30-5c6b-87c0-65d2d7d8fd6a","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://gooomoel.shop","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gooomoel.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf2030d7-dfe3-5f5c-91f3-a42d636ed63d","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"Letter.zip","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Letter.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--93adc3e1-5284-5c6e-af61-4ebc44f84c1a","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://Letter.zip","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Letter.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cd7d694-7181-5710-a4dc-f4f3a27cf39d","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"Check.zip","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Check.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc397f9a-98e3-578c-b406-2e8985dbc254","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://Check.zip","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Check.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--74bfd54a-afb9-5f3a-b5b8-c718ba919528","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"http://38.76.199.112","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.76.199.112']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9de36f97-dc30-5a0b-89cb-f35914db182f","created":"2026-04-27T08:48:00.000Z","modified":"2026-04-27T08:48:00.000Z","valid_from":"2026-04-27T08:48:00.000Z","name":"38.76.199.112","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.76.199.112']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048685639403774218"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a70383d-42b1-58ab-bc68-4e2cfd926c3a","created":"2026-04-27T09:23:00.000Z","modified":"2026-04-27T09:23:00.000Z","valid_from":"2026-04-27T09:23:00.000Z","name":"573dc21ae52d9d6a3607dc97655e70fd","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '573dc21ae52d9d6a3607dc97655e70fd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2048694432183234857"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3cb9f863-7114-5fd8-811b-177eb09437b1","created":"2026-04-27T09:56:00.000Z","modified":"2026-04-27T09:56:00.000Z","valid_from":"2026-04-27T09:56:00.000Z","name":"lesoulkir.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lesoulkir.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048702700435411434"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6931ae10-468d-512f-acb0-2678c9745d34","created":"2026-04-27T09:56:00.000Z","modified":"2026-04-27T09:56:00.000Z","valid_from":"2026-04-27T09:56:00.000Z","name":"http://lesoulkir.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lesoulkir.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048702700435411434"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--244cb438-05ad-5971-a787-d65e5d3999fb","created":"2026-04-27T10:07:00.000Z","modified":"2026-04-27T10:07:00.000Z","valid_from":"2026-04-27T10:07:00.000Z","name":"imgresim.net","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imgresim.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048705522451271688"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--57d42a2c-0a65-5647-937f-cfea32a5892d","created":"2026-04-27T10:07:00.000Z","modified":"2026-04-27T10:07:00.000Z","valid_from":"2026-04-27T10:07:00.000Z","name":"https://imgresim.net/Screen_Shot_1253_246469384693746_2469724.jpg.zip","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://imgresim.net/Screen_Shot_1253_246469384693746_2469724.jpg.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048705522451271688"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d6d3eaf-a6f0-56c7-8b23-7f0bd734166b","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"d.tmpfile.link","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'd.tmpfile.link']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b5c1441-fbd3-5b4f-8bd6-07e7d062d815","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"https://d.tmpfile.link/public/2026-04-27/afe0c156-084a-480c-9d8a-7b94450c6a04/ghhjgr.png","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://d.tmpfile.link/public/2026-04-27/afe0c156-084a-480c-9d8a-7b94450c6a04/ghhjgr.png']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53b0b171-4d2c-5ea9-a254-2a86c9614ec6","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"lapoire6.hopto.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lapoire6.hopto.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8708682-50d7-54eb-9c15-67e3660e4def","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"http://lapoire6.hopto.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lapoire6.hopto.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1018bb22-deaf-5a2b-b3a6-75b24cd6c776","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"lapoire7.hopto.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lapoire7.hopto.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--727a26e1-0a66-59f6-80e2-462b4dd5de7b","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"http://lapoire7.hopto.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lapoire7.hopto.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--385f7d53-2bdb-5469-8436-eb93d1b91bef","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"lapoire8.hopto.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lapoire8.hopto.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44447582-0305-551f-80c9-fad975bcb6bb","created":"2026-04-27T10:26:00.000Z","modified":"2026-04-27T10:26:00.000Z","valid_from":"2026-04-27T10:26:00.000Z","name":"http://lapoire8.hopto.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lapoire8.hopto.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048710333724860927"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa621160-1f6d-5e44-b6b3-042b8cfd272d","created":"2026-04-27T11:15:00.000Z","modified":"2026-04-27T11:15:00.000Z","valid_from":"2026-04-27T11:15:00.000Z","name":"http://104.164.55.223","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.164.55.223']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2048722660113178659"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--82360558-ff7b-54b9-a2b9-e824747883ed","created":"2026-04-27T11:15:00.000Z","modified":"2026-04-27T11:15:00.000Z","valid_from":"2026-04-27T11:15:00.000Z","name":"104.164.55.223","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.164.55.223']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2048722660113178659"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--95ce5809-08be-5aee-9557-3b100b7d9624","created":"2026-04-27T11:17:00.000Z","modified":"2026-04-27T11:17:00.000Z","valid_from":"2026-04-27T11:17:00.000Z","name":"telecom-exceed-aid-charts.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'telecom-exceed-aid-charts.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048723094185934944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ecf750e-3374-59da-afdb-7728592deaad","created":"2026-04-27T11:17:00.000Z","modified":"2026-04-27T11:17:00.000Z","valid_from":"2026-04-27T11:17:00.000Z","name":"http://telecom-exceed-aid-charts.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://telecom-exceed-aid-charts.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048723094185934944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--723ddaea-db90-5d2b-91d9-23f90f576985","created":"2026-04-27T12:10:00.000Z","modified":"2026-04-27T12:10:00.000Z","valid_from":"2026-04-27T12:10:00.000Z","name":"b88fa8357f083197cafc14343ab5691a","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'b88fa8357f083197cafc14343ab5691a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2048736634817122775"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ace4525d-e0e0-5474-9479-1d11bc1731c7","created":"2026-04-27T12:24:00.000Z","modified":"2026-04-27T12:24:00.000Z","valid_from":"2026-04-27T12:24:00.000Z","name":"paragon.goodfellasdiner.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paragon.goodfellasdiner.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048740155817930807"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8181a738-62fe-55d3-9a2f-45bfbb0fac90","created":"2026-04-27T12:24:00.000Z","modified":"2026-04-27T12:24:00.000Z","valid_from":"2026-04-27T12:24:00.000Z","name":"http://paragon.goodfellasdiner.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://paragon.goodfellasdiner.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048740155817930807"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--035f8ac4-075c-5f94-a37a-9c24d4e4258f","created":"2026-04-27T12:29:00.000Z","modified":"2026-04-27T12:29:00.000Z","valid_from":"2026-04-27T12:29:00.000Z","name":"nzrcovqs.nvasz.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nzrcovqs.nvasz.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048741218151240179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28d5eb88-3ee7-525d-9e90-2f2a19e0da43","created":"2026-04-27T12:29:00.000Z","modified":"2026-04-27T12:29:00.000Z","valid_from":"2026-04-27T12:29:00.000Z","name":"https://nzrcovqs.nvasz.cn/iiufhys/eorio/loging/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nzrcovqs.nvasz.cn/iiufhys/eorio/loging/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048741218151240179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9a9e504-a5a2-50ee-8b04-8e1d58054c47","created":"2026-04-27T12:29:00.000Z","modified":"2026-04-27T12:29:00.000Z","valid_from":"2026-04-27T12:29:00.000Z","name":"http://43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048741218151240179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a778ed-12bc-5745-aed6-1d018da22ec4","created":"2026-04-27T12:29:00.000Z","modified":"2026-04-27T12:29:00.000Z","valid_from":"2026-04-27T12:29:00.000Z","name":"43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048741218151240179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--430a224b-0f47-5295-becc-973e78ce3cee","created":"2026-04-27T12:34:00.000Z","modified":"2026-04-27T12:34:00.000Z","valid_from":"2026-04-27T12:34:00.000Z","name":"netflix-home.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netflix-home.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048742556083925203"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c9ffb00-a8ff-55e9-952d-09665be51283","created":"2026-04-27T12:34:00.000Z","modified":"2026-04-27T12:34:00.000Z","valid_from":"2026-04-27T12:34:00.000Z","name":"http://netflix-home.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://netflix-home.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2048742556083925203"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71b124df-ffdf-52b7-817c-5bf4e907260d","created":"2026-04-27T12:34:49.000Z","modified":"2026-04-27T12:34:49.000Z","valid_from":"2026-04-27T12:34:49.000Z","name":"dfumbu.fytwfj.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dfumbu.fytwfj.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048742665014157584"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--028ddd87-49f8-5129-837b-38c17281bfbc","created":"2026-04-27T12:34:49.000Z","modified":"2026-04-27T12:34:49.000Z","valid_from":"2026-04-27T12:34:49.000Z","name":"https://dfumbu.fytwfj.cn/nomelo/login_index/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dfumbu.fytwfj.cn/nomelo/login_index/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048742665014157584"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--010c1925-1383-54a7-ad9e-d2992d1cf502","created":"2026-04-27T12:37:00.000Z","modified":"2026-04-27T12:37:00.000Z","valid_from":"2026-04-27T12:37:00.000Z","name":"mac-cleantool.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mac-cleantool.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048743434689949721"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe6c35af-8f41-571c-8e3b-bff40a573f12","created":"2026-04-27T12:37:00.000Z","modified":"2026-04-27T12:37:00.000Z","valid_from":"2026-04-27T12:37:00.000Z","name":"http://mac-cleantool.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mac-cleantool.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048743434689949721"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab5ebb72-4723-5e56-91a9-1f8fa9e9c99d","created":"2026-04-27T12:37:00.000Z","modified":"2026-04-27T12:37:00.000Z","valid_from":"2026-04-27T12:37:00.000Z","name":"dpsmuz.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dpsmuz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048743434689949721"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d2673c5-d9cf-54af-8b28-7676260e8f38","created":"2026-04-27T12:37:00.000Z","modified":"2026-04-27T12:37:00.000Z","valid_from":"2026-04-27T12:37:00.000Z","name":"http://dpsmuz.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dpsmuz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048743434689949721"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96b6d731-76b1-51ec-9dcd-d1a58703ce52","created":"2026-04-27T12:38:00.000Z","modified":"2026-04-27T12:38:00.000Z","valid_from":"2026-04-27T12:38:00.000Z","name":"stultiern.iceaz.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'stultiern.iceaz.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048743709538431467"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4994ace8-4bff-58a2-a030-7ac502d368fc","created":"2026-04-27T12:38:00.000Z","modified":"2026-04-27T12:38:00.000Z","valid_from":"2026-04-27T12:38:00.000Z","name":"https://stultiern.iceaz.cn/yual_login_exp/getuug/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://stultiern.iceaz.cn/yual_login_exp/getuug/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048743709538431467"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f8146dc-1d20-5938-959c-297e57dc96ca","created":"2026-04-27T13:29:00.000Z","modified":"2026-04-27T13:29:00.000Z","valid_from":"2026-04-27T13:29:00.000Z","name":"141.147.45.169","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '141.147.45.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2048756421609807978"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e9e08a6-c5c4-5645-b6ee-642fe9f0dad5","created":"2026-04-27T13:54:00.000Z","modified":"2026-04-27T13:54:00.000Z","valid_from":"2026-04-27T13:54:00.000Z","name":"http://195.201.104.53","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://195.201.104.53']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2048762621424226310"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51698f7b-c4b2-572d-ad0e-1edf75ac3e73","created":"2026-04-27T13:54:00.000Z","modified":"2026-04-27T13:54:00.000Z","valid_from":"2026-04-27T13:54:00.000Z","name":"http://195.201.104.53:6931","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://195.201.104.53:6931']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2048762621424226310"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--266e824b-c831-5bbb-a86e-c2fb55988117","created":"2026-04-27T13:54:00.000Z","modified":"2026-04-27T13:54:00.000Z","valid_from":"2026-04-27T13:54:00.000Z","name":"http://195.201.104.53:6936","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://195.201.104.53:6936']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2048762621424226310"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b85d9cfe-27aa-5eae-885f-403e7eb3c63b","created":"2026-04-27T13:54:00.000Z","modified":"2026-04-27T13:54:00.000Z","valid_from":"2026-04-27T13:54:00.000Z","name":"http://195.201.104.53:6939","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://195.201.104.53:6939']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2048762621424226310"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac19aa44-18d7-5f44-94e7-c9c7be0a0946","created":"2026-04-27T13:54:00.000Z","modified":"2026-04-27T13:54:00.000Z","valid_from":"2026-04-27T13:54:00.000Z","name":"http://216.126.224.220:5976","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://216.126.224.220:5976']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2048762621424226310"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4810998c-9d19-565c-b860-2f5f81a2fb95","created":"2026-04-27T13:54:00.000Z","modified":"2026-04-27T13:54:00.000Z","valid_from":"2026-04-27T13:54:00.000Z","name":"195.201.104.53","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '195.201.104.53']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2048762621424226310"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c5ec1d9-ec27-5570-8507-3ec532c9173d","created":"2026-04-27T13:54:00.000Z","modified":"2026-04-27T13:54:00.000Z","valid_from":"2026-04-27T13:54:00.000Z","name":"216.126.224.220","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '216.126.224.220']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2048762621424226310"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29ea1091-aeb0-5576-9864-5a2dcf80d304","created":"2026-04-27T16:49:00.000Z","modified":"2026-04-27T16:49:00.000Z","valid_from":"2026-04-27T16:49:00.000Z","name":"5c9b09819b196970a867b1d459f9053da38a6a2721f21264324e0a8ffef01e20","description":"IOC reported by @Threatlabz on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5c9b09819b196970a867b1d459f9053da38a6a2721f21264324e0a8ffef01e20']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Threatlabz/status/2048806728083571115"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--417e34b2-552a-5252-83c4-139da417b230","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"filehappytomato.com","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'filehappytomato.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f512652-de1a-5128-88ba-c89fc569d65d","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"http://filehappytomato.com","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://filehappytomato.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed0a984e-48e9-5386-b348-47df1a948caa","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"mendalik.com","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mendalik.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fb51d41-fef8-5bf1-9140-f6bd603453c2","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"http://mendalik.com","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mendalik.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b60fbb0-e2fd-53df-950c-9eb839ce64d8","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"cvetochek75.com","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cvetochek75.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--709834bd-0337-58ad-8727-9b57a5147c94","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"http://cvetochek75.com","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cvetochek75.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7fdd5768-340d-594f-bbc3-d2b6519f6392","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"f269d5f280c7f734300d3a6c769fee3f5e1f8cdc50677ed54086984b364f28d2","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f269d5f280c7f734300d3a6c769fee3f5e1f8cdc50677ed54086984b364f28d2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--73c84bbb-71a7-5609-9fe6-da4068c95189","created":"2026-04-27T17:50:00.000Z","modified":"2026-04-27T17:50:00.000Z","valid_from":"2026-04-27T17:50:00.000Z","name":"897c4f7ac89d96ea2378679cc7dd7accc482add46d9395271dcc5c767bb95f4c","description":"IOC reported by @brkalbyrk7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '897c4f7ac89d96ea2378679cc7dd7accc482add46d9395271dcc5c767bb95f4c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/brkalbyrk7/status/2048822026450657391"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--29b81656-ef74-51e0-b7ac-a48a17a7e213","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"chocolatey.co.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chocolatey.co.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d85547a-8602-5bcd-975f-e8815d874e05","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"http://chocolatey.co.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chocolatey.co.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9e9dd0b-4a72-5e4d-b18e-2f2c57fc2d38","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"chocolatey.net","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chocolatey.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd577460-e15a-5148-b7b2-4017aaf3b53f","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"http://chocolatey.net","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chocolatey.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cd1ae9b-48db-5921-aeb6-7f27566563e0","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"api.bio9438.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.bio9438.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--566cefb7-0b03-5890-9123-06ee84ea0d1b","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"http://api.bio9438.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.bio9438.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--399e89e5-47bb-5127-8104-fd87d45c3b54","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"olive3451.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'olive3451.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--759f3345-b211-513b-bad0-181f105d0f46","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"http://olive3451.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://olive3451.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a51d752f-df33-5fb2-b164-f57a870d7aec","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"community.chocolatey.net","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'community.chocolatey.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9da7a213-6c3e-5c31-95e5-0add30ada37a","created":"2026-04-27T18:30:00.000Z","modified":"2026-04-27T18:30:00.000Z","valid_from":"2026-04-27T18:30:00.000Z","name":"http://community.chocolatey.net/install.ps1","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://community.chocolatey.net/install.ps1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2048832122618847252"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa8d9215-7941-572e-a57b-5650b702fa8d","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"unlockeblog12s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'unlockeblog12s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5197ee98-75e4-5d3b-ac0f-2f515d5199d1","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"http://unlockeblog12s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://unlockeblog12s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--880c38ef-4277-5e6e-9bfc-3e1fc66f8bd6","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"unlockeblog15s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'unlockeblog15s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6528fee6-bc92-553d-a77e-8b6dc7abb1fa","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"http://unlockeblog15s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://unlockeblog15s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72133830-6921-525a-9ee3-bc99f32b498b","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"eboardreport5s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eboardreport5s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9bcae10-7d42-552d-adb1-803f2570fe1f","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"http://eboardreport5s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eboardreport5s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2dcb4787-6068-586a-a0fb-74bd948195e9","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"unlockeblog10s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'unlockeblog10s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8b40174-aecc-5df9-9f42-0fb847921e77","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"http://unlockeblog10s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://unlockeblog10s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e9adc65-0a4b-5549-9d2d-511753b8aadc","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"eboardreport18s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eboardreport18s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--859b7e22-2f14-562d-87b8-19fff809fc9d","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"http://eboardreport18s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eboardreport18s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a68efea-a279-5542-b9b3-90f7bf4b8a3a","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"unlockeblog19s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'unlockeblog19s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fa2e306-751b-5c72-b4fc-7333c22e6b78","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"http://unlockeblog19s.dynuddns.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://unlockeblog19s.dynuddns.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--852e8859-c7ba-558d-accb-3867905af482","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"enboardingreport18s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'enboardingreport18s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6258d92-1078-5c58-a9b7-61e3dfcd2ecf","created":"2026-04-27T18:59:00.000Z","modified":"2026-04-27T18:59:00.000Z","valid_from":"2026-04-27T18:59:00.000Z","name":"http://enboardingreport18s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://enboardingreport18s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048839411962396813"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a080ef91-2a9c-562c-b6aa-c353bd4367f5","created":"2026-04-27T20:47:00.000Z","modified":"2026-04-27T20:47:00.000Z","valid_from":"2026-04-27T20:47:00.000Z","name":"bf777e4dee6918d2373ba83433b4a7530d6e69465a1b6107ef4fd43f4ea60ec4","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'bf777e4dee6918d2373ba83433b4a7530d6e69465a1b6107ef4fd43f4ea60ec4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2048866534932779273"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2ba4698-71c6-519d-ac49-f626db47d705","created":"2026-04-27T20:54:00.000Z","modified":"2026-04-27T20:54:00.000Z","valid_from":"2026-04-27T20:54:00.000Z","name":"witch-skins-lip-coal.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'witch-skins-lip-coal.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048868515348652107"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef5d68aa-87cd-5f7c-b2b7-9fa1af95783e","created":"2026-04-27T20:54:00.000Z","modified":"2026-04-27T20:54:00.000Z","valid_from":"2026-04-27T20:54:00.000Z","name":"http://witch-skins-lip-coal.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://witch-skins-lip-coal.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2048868515348652107"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--da2ef4ae-f361-5fff-be97-96f6129e17d8","created":"2026-04-27T21:11:00.000Z","modified":"2026-04-27T21:11:00.000Z","valid_from":"2026-04-27T21:11:00.000Z","name":"maiden-apply-looks-education.trycloudflare.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'maiden-apply-looks-education.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2048872565095936175"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e086501-87bf-5f82-809a-f0771507227a","created":"2026-04-27T21:11:00.000Z","modified":"2026-04-27T21:11:00.000Z","valid_from":"2026-04-27T21:11:00.000Z","name":"http://maiden-apply-looks-education.trycloudflare.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://maiden-apply-looks-education.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2048872565095936175"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7aa8a451-0e02-58fa-a595-8d2f8243a10c","created":"2026-04-27T21:17:00.000Z","modified":"2026-04-27T21:17:00.000Z","valid_from":"2026-04-27T21:17:00.000Z","name":"dianegov.co","description":"IOC reported by @hipdead010 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dianegov.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hipdead010/status/2048874206431969653"}],"labels":["AsyncRAT","Dcrat"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30d72adb-3a0c-59fb-8508-e9b5dfd6fe1d","created":"2026-04-27T21:17:00.000Z","modified":"2026-04-27T21:17:00.000Z","valid_from":"2026-04-27T21:17:00.000Z","name":"http://dianegov.co","description":"IOC reported by @hipdead010 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dianegov.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hipdead010/status/2048874206431969653"}],"labels":["AsyncRAT","Dcrat"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17544d08-60f9-5125-b0fd-c73970bb8bd8","created":"2026-04-27T21:17:00.000Z","modified":"2026-04-27T21:17:00.000Z","valid_from":"2026-04-27T21:17:00.000Z","name":"consultaprocesosramajudicialgov.run.place","description":"IOC reported by @hipdead010 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'consultaprocesosramajudicialgov.run.place']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hipdead010/status/2048874206431969653"}],"labels":["AsyncRAT","Dcrat"]},{"type":"indicator","spec_version":"2.1","id":"indicator--95518287-621c-5b09-9e30-9090b6e1adcf","created":"2026-04-27T21:17:00.000Z","modified":"2026-04-27T21:17:00.000Z","valid_from":"2026-04-27T21:17:00.000Z","name":"http://consultaprocesosramajudicialgov.run.place","description":"IOC reported by @hipdead010 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://consultaprocesosramajudicialgov.run.place']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hipdead010/status/2048874206431969653"}],"labels":["AsyncRAT","Dcrat"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d910c557-fa5c-517a-8c05-7f0e7079e7fa","created":"2026-04-27T21:17:00.000Z","modified":"2026-04-27T21:17:00.000Z","valid_from":"2026-04-27T21:17:00.000Z","name":"151.243.109.231","description":"IOC reported by @hipdead010 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '151.243.109.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hipdead010/status/2048874206431969653"}],"labels":["AsyncRAT","Dcrat"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea05d0c7-ec83-5808-af99-c9901285f8dc","created":"2026-04-27T21:17:00.000Z","modified":"2026-04-27T21:17:00.000Z","valid_from":"2026-04-27T21:17:00.000Z","name":"02a4812ad5c4caf9f3f3887589f1b2cb9895680c10bffcd762826d4a19b4c9a0","description":"IOC reported by @hipdead010 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '02a4812ad5c4caf9f3f3887589f1b2cb9895680c10bffcd762826d4a19b4c9a0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hipdead010/status/2048874206431969653"}],"labels":["AsyncRAT","Dcrat"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f408d304-2614-56bc-85f4-40a8acef8375","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"http://38.83.112.137:443","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.83.112.137:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa3da443-c392-5bd0-b431-67452a924ecc","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"http://38.83.112.137:3000","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.83.112.137:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa1479c5-e963-5888-9087-460a926d0079","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"http://149.56.141.176:8081","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://149.56.141.176:8081']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--df0bba39-c4ff-5ecc-b9a5-434db5e246b7","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"http://193.181.211.79:5001","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.181.211.79:5001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--295e894b-c797-5106-bd4b-8cb04a3036e3","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"http://77.110.120.34:5000","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://77.110.120.34:5000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5df7764b-4122-5739-bd31-0eaaf546dab8","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"38.83.112.137","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.83.112.137']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef7797d8-73ab-52b4-9d10-8c87295f2307","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"149.56.141.176","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '149.56.141.176']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b91cf2e5-d412-5a7c-80a3-ea2399f48638","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"193.181.211.79","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.181.211.79']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--06e78ec5-e8e9-52f7-99f7-14a40f7477d8","created":"2026-04-27T21:35:00.000Z","modified":"2026-04-27T21:35:00.000Z","valid_from":"2026-04-27T21:35:00.000Z","name":"77.110.120.34","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.110.120.34']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048878734149579050"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--94a25cca-b9c9-5988-83a9-9b3ba75fde45","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"edeliever-address-verify.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edeliever-address-verify.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7611383-c387-5435-8a2a-e893d298ab60","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://edeliever-address-verify.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edeliever-address-verify.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cbd996f6-02eb-5a99-9261-11dbb1b4bc55","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"appleviewer.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'appleviewer.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--86134fd0-42c4-56a6-b2e2-04255fade5b4","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://appleviewer.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://appleviewer.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--717e6057-b80e-525f-bb09-c7c6cd8b5cd5","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"digital-notice-kr.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'digital-notice-kr.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f761ff5-73d3-5e23-b9cf-fb7442f7df79","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://digital-notice-kr.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://digital-notice-kr.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3b8a7c0-9d28-5d91-9cc4-87fa250807dd","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"public-revenue-info.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'public-revenue-info.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--34b932db-f985-5e05-987a-975b729b1ada","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://public-revenue-info.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://public-revenue-info.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d8b71b0-d977-54c6-9228-72de17bdbb30","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"urgent-notice-check.click","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'urgent-notice-check.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--63fc9da9-3dd4-5719-970a-2a03aecf9b78","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://urgent-notice-check.click","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://urgent-notice-check.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1714b67c-1830-503c-9707-865e9b68bdff","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"epdf-user-view.quest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'epdf-user-view.quest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb524ecd-98da-5495-8c42-1ca6410d96b2","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://epdf-user-view.quest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://epdf-user-view.quest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--02b3c282-1711-594a-8381-3e556dcc885b","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"digital-post.live","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'digital-post.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8c8e4c7-0958-51a2-8e4a-0d8727aae632","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://digital-post.live","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://digital-post.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e1355f9-9378-5c35-a8b3-0f65f4d5a072","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"official-notice.click","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'official-notice.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9141ba24-4428-5364-b229-f70c415704f8","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://official-notice.click","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://official-notice.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c39f9470-3c72-5551-b3aa-8a597a5db058","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"http://152.32.243.224","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://152.32.243.224']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fcfe4b6-559a-53fb-b2d2-44a03c055989","created":"2026-04-27T22:54:00.000Z","modified":"2026-04-27T22:54:00.000Z","valid_from":"2026-04-27T22:54:00.000Z","name":"152.32.243.224","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '152.32.243.224']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048898639506891100"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b2f4e16-28f5-5ce7-b307-9bbbf5c831d1","created":"2026-04-27T23:04:00.000Z","modified":"2026-04-27T23:04:00.000Z","valid_from":"2026-04-27T23:04:00.000Z","name":"newday.inet-mark.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newday.inet-mark.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048901120009880019"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e683be8-ed6f-5130-b6d5-b185efc2d5fa","created":"2026-04-27T23:04:00.000Z","modified":"2026-04-27T23:04:00.000Z","valid_from":"2026-04-27T23:04:00.000Z","name":"http://newday.inet-mark.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newday.inet-mark.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048901120009880019"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e0776d3-aefe-5f95-ac48-f0a4b79e578d","created":"2026-04-27T23:04:00.000Z","modified":"2026-04-27T23:04:00.000Z","valid_from":"2026-04-27T23:04:00.000Z","name":"terazosine.fit","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'terazosine.fit']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048901120009880019"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--004cf49b-fc3d-51ff-88c9-305c9b9636fe","created":"2026-04-27T23:04:00.000Z","modified":"2026-04-27T23:04:00.000Z","valid_from":"2026-04-27T23:04:00.000Z","name":"http://terazosine.fit","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://terazosine.fit']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2048901120009880019"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e051b56-5d10-546b-8990-2be89a29ed08","created":"2026-04-28T00:05:00.000Z","modified":"2026-04-28T00:05:00.000Z","valid_from":"2026-04-28T00:05:00.000Z","name":"723pt5dc2plfexrfvudhdhzvesgesqbcl4yivijjubptnogukxxv3hqd.onion","description":"IOC reported by @PaduckLee on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '723pt5dc2plfexrfvudhdhzvesgesqbcl4yivijjubptnogukxxv3hqd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PaduckLee/status/2048916422630466037"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a540e63b-8ba7-564c-b22d-56be565514ea","created":"2026-04-28T00:05:00.000Z","modified":"2026-04-28T00:05:00.000Z","valid_from":"2026-04-28T00:05:00.000Z","name":"http://723pt5dc2plfexrfvudhdhzvesgesqbcl4yivijjubptnogukxxv3hqd.onion","description":"IOC reported by @PaduckLee on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://723pt5dc2plfexrfvudhdhzvesgesqbcl4yivijjubptnogukxxv3hqd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PaduckLee/status/2048916422630466037"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0ee397e-b4b5-5819-9f90-3525f5021017","created":"2026-04-28T00:05:00.000Z","modified":"2026-04-28T00:05:00.000Z","valid_from":"2026-04-28T00:05:00.000Z","name":"44b00a98918e058650aeaacc741d10e5","description":"IOC reported by @PaduckLee on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '44b00a98918e058650aeaacc741d10e5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PaduckLee/status/2048916422630466037"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7238fe1f-be6e-5d3f-9d08-a86ab49a05bc","created":"2026-04-28T00:07:00.000Z","modified":"2026-04-28T00:07:00.000Z","valid_from":"2026-04-28T00:07:00.000Z","name":"6.accessbenefitscenter.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '6.accessbenefitscenter.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048917088593461541"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d8b6570-8060-5cc8-bb89-3e6751fda9ab","created":"2026-04-28T00:07:00.000Z","modified":"2026-04-28T00:07:00.000Z","valid_from":"2026-04-28T00:07:00.000Z","name":"https://6.accessbenefitscenter.com/journey?rdrx=1&s=3b5ee3cc-638c-4c17-967f-b0e56fbfbbe2#back","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://6.accessbenefitscenter.com/journey?rdrx=1&s=3b5ee3cc-638c-4c17-967f-b0e56fbfbbe2#back']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2048917088593461541"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3cc2451b-2052-5b54-9e7a-226ffd556704","created":"2026-04-28T01:01:13.000Z","modified":"2026-04-28T01:01:13.000Z","valid_from":"2026-04-28T01:01:13.000Z","name":"macclrupspace.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'macclrupspace.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048930503227801657"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e01f34e-113e-5f22-88c6-fe9ed43d9deb","created":"2026-04-28T01:01:13.000Z","modified":"2026-04-28T01:01:13.000Z","valid_from":"2026-04-28T01:01:13.000Z","name":"http://macclrupspace.gitlab.io","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://macclrupspace.gitlab.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048930503227801657"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e630af09-7ac9-5bdd-aa36-d4ea955c69ad","created":"2026-04-28T01:01:13.000Z","modified":"2026-04-28T01:01:13.000Z","valid_from":"2026-04-28T01:01:13.000Z","name":"termopasta.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'termopasta.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048930503227801657"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1eb83de-3d0c-5d93-869f-7f1c085c5293","created":"2026-04-28T01:01:13.000Z","modified":"2026-04-28T01:01:13.000Z","valid_from":"2026-04-28T01:01:13.000Z","name":"http://termopasta.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://termopasta.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048930503227801657"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0be94d36-f4ba-56b9-98b7-a7b8e216d3b8","created":"2026-04-28T01:41:00.000Z","modified":"2026-04-28T01:41:00.000Z","valid_from":"2026-04-28T01:41:00.000Z","name":"lcatscpzx.cz592401.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lcatscpzx.cz592401.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048940649949614538"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5dc7b6eb-4e08-5d52-8283-8220b310ac4c","created":"2026-04-28T01:41:00.000Z","modified":"2026-04-28T01:41:00.000Z","valid_from":"2026-04-28T01:41:00.000Z","name":"https://lcatscpzx.cz592401.cn/optmer-prefere_html/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lcatscpzx.cz592401.cn/optmer-prefere_html/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048940649949614538"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9a9e504-a5a2-50ee-8b04-8e1d58054c47","created":"2026-04-28T01:41:00.000Z","modified":"2026-04-28T01:41:00.000Z","valid_from":"2026-04-28T01:41:00.000Z","name":"http://43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048940649949614538"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a778ed-12bc-5745-aed6-1d018da22ec4","created":"2026-04-28T01:41:00.000Z","modified":"2026-04-28T01:41:00.000Z","valid_from":"2026-04-28T01:41:00.000Z","name":"43.165.166.156","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.166.156']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048940649949614538"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--053f7263-389e-58a2-b714-aba6e5ef5ecb","created":"2026-04-28T01:52:00.000Z","modified":"2026-04-28T01:52:00.000Z","valid_from":"2026-04-28T01:52:00.000Z","name":"site4-sbisec.gsy2cg1u.shop","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'site4-sbisec.gsy2cg1u.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048943310602227836"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71c2d15f-d36d-5ff9-b2e0-0e294becbd37","created":"2026-04-28T01:52:00.000Z","modified":"2026-04-28T01:52:00.000Z","valid_from":"2026-04-28T01:52:00.000Z","name":"https://site4-sbisec.gsy2cg1u.shop/login","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://site4-sbisec.gsy2cg1u.shop/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048943310602227836"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0dcf57b2-0fb9-51ac-9bfe-cca91a08e354","created":"2026-04-28T01:52:00.000Z","modified":"2026-04-28T01:52:00.000Z","valid_from":"2026-04-28T01:52:00.000Z","name":"http://172.67.130.142","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.130.142']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048943310602227836"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f377f724-0ac4-53d7-b6e7-e4c03505d097","created":"2026-04-28T01:52:00.000Z","modified":"2026-04-28T01:52:00.000Z","valid_from":"2026-04-28T01:52:00.000Z","name":"http://104.21.8.163","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.8.163']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048943310602227836"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0e9fd39-8beb-538f-8742-000fa7e8864e","created":"2026-04-28T02:03:00.000Z","modified":"2026-04-28T02:03:00.000Z","valid_from":"2026-04-28T02:03:00.000Z","name":"pseudotachylite.cfd","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pseudotachylite.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048946258849808698"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41ce7935-6390-5b54-9f69-bc2dc793f4d2","created":"2026-04-28T02:03:00.000Z","modified":"2026-04-28T02:03:00.000Z","valid_from":"2026-04-28T02:03:00.000Z","name":"https://www.pseudotachylite.cfd/myNZ6X","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.pseudotachylite.cfd/myNZ6X']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048946258849808698"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e770644e-2657-50ba-9a8e-04f211719df0","created":"2026-04-28T02:03:00.000Z","modified":"2026-04-28T02:03:00.000Z","valid_from":"2026-04-28T02:03:00.000Z","name":"http://172.67.152.169","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.152.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048946258849808698"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bb6efbd-11bc-59b5-827c-de8fa022ed72","created":"2026-04-28T02:03:00.000Z","modified":"2026-04-28T02:03:00.000Z","valid_from":"2026-04-28T02:03:00.000Z","name":"http://104.21.82.38","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.82.38']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2048946258849808698"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7279dfc6-0b32-5712-89ef-a17a4b399a72","created":"2026-04-28T03:37:00.000Z","modified":"2026-04-28T03:37:00.000Z","valid_from":"2026-04-28T03:37:00.000Z","name":"site4-sbisec.gtt6ss20.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'site4-sbisec.gtt6ss20.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048969911708602441"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab4085a3-4e35-5e30-845d-e62fedcc4c76","created":"2026-04-28T03:37:00.000Z","modified":"2026-04-28T03:37:00.000Z","valid_from":"2026-04-28T03:37:00.000Z","name":"https://site4-sbisec.gtt6ss20.shop/login","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://site4-sbisec.gtt6ss20.shop/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2048969911708602441"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1577983a-fad6-5f8f-a554-cb3ae2856523","created":"2026-04-28T04:50:00.000Z","modified":"2026-04-28T04:50:00.000Z","valid_from":"2026-04-28T04:50:00.000Z","name":"217.145.227.150","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '217.145.227.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2048988205882732888"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--994370da-6758-5346-92e0-04d3a514cee7","created":"2026-04-28T05:35:00.000Z","modified":"2026-04-28T05:35:00.000Z","valid_from":"2026-04-28T05:35:00.000Z","name":"8.222.225.32","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.222.225.32']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048999422495711437"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c17d123e-58aa-5428-a73d-f0d90b877e37","created":"2026-04-28T05:35:00.000Z","modified":"2026-04-28T05:35:00.000Z","valid_from":"2026-04-28T05:35:00.000Z","name":"108.187.4.36","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '108.187.4.36']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2048999422495711437"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a65cc3c-2a22-5954-b83a-fd4a1bc5d11f","created":"2026-04-28T05:49:00.000Z","modified":"2026-04-28T05:49:00.000Z","valid_from":"2026-04-28T05:49:00.000Z","name":"4f500333f102a9352418f14ff2973bb9","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '4f500333f102a9352418f14ff2973bb9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049003157532115232"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6451dac3-067d-5085-8a6f-38487ebd4ddf","created":"2026-04-28T05:59:00.000Z","modified":"2026-04-28T05:59:00.000Z","valid_from":"2026-04-28T05:59:00.000Z","name":"dd307599773b339f789d0929ffc81c79","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'dd307599773b339f789d0929ffc81c79']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049005523710939553"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8981a96e-33c0-5682-baae-0d368aaba230","created":"2026-04-28T06:13:07.000Z","modified":"2026-04-28T06:13:07.000Z","valid_from":"2026-04-28T06:13:07.000Z","name":"160.179.52.9","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '160.179.52.9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049008992966590860"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69747617-0198-5030-aafd-d95793ba7702","created":"2026-04-28T07:19:00.000Z","modified":"2026-04-28T07:19:00.000Z","valid_from":"2026-04-28T07:19:00.000Z","name":"192.151.146.82","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.151.146.82']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049025572584493443"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d294bb56-5eff-5a5f-93ba-534aee69e1dc","created":"2026-04-28T07:40:00.000Z","modified":"2026-04-28T07:40:00.000Z","valid_from":"2026-04-28T07:40:00.000Z","name":"144.31.221.172","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.31.221.172']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049030857780867342"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39177810-e989-5edf-a45f-323d1691213c","created":"2026-04-28T08:05:00.000Z","modified":"2026-04-28T08:05:00.000Z","valid_from":"2026-04-28T08:05:00.000Z","name":"vavny.oflndm.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vavny.oflndm.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2049037385464479769"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--183ae399-f395-50b7-a823-83a698e50edf","created":"2026-04-28T08:05:00.000Z","modified":"2026-04-28T08:05:00.000Z","valid_from":"2026-04-28T08:05:00.000Z","name":"https://vavny.oflndm.cn/RSV_P/smart_index.htm/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vavny.oflndm.cn/RSV_P/smart_index.htm/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2049037385464479769"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a154ccf-1a30-54b0-a7a9-fb1b50b2ceb6","created":"2026-04-28T08:20:00.000Z","modified":"2026-04-28T08:20:00.000Z","valid_from":"2026-04-28T08:20:00.000Z","name":"mhqajiz.bl8cz6.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mhqajiz.bl8cz6.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2049041046399779218"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af97c322-b29e-5ddc-a662-315688b84b4f","created":"2026-04-28T08:20:00.000Z","modified":"2026-04-28T08:20:00.000Z","valid_from":"2026-04-28T08:20:00.000Z","name":"https://mhqajiz.bl8cz6.cn/apusetop/jupindx/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mhqajiz.bl8cz6.cn/apusetop/jupindx/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2049041046399779218"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8489124-4df9-539b-a2c4-5e57081fc653","created":"2026-04-28T08:49:00.000Z","modified":"2026-04-28T08:49:00.000Z","valid_from":"2026-04-28T08:49:00.000Z","name":"185.107.74.61","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.107.74.61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049048221859590380"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00835c96-3e01-5a52-ac9f-5868ae70a331","created":"2026-04-28T09:06:00.000Z","modified":"2026-04-28T09:06:00.000Z","valid_from":"2026-04-28T09:06:00.000Z","name":"xan3ri.cfd","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xan3ri.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049052715871772726"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--470eed6b-d61e-5e7f-b5f7-f7e129fc6056","created":"2026-04-28T09:06:00.000Z","modified":"2026-04-28T09:06:00.000Z","valid_from":"2026-04-28T09:06:00.000Z","name":"https://xan3ri.cfd/dulidpgo/PbkHGx/LTjfPu","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://xan3ri.cfd/dulidpgo/PbkHGx/LTjfPu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049052715871772726"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e1ead8c-e728-55e8-a1ae-9d4c4ecca307","created":"2026-04-28T09:30:00.000Z","modified":"2026-04-28T09:30:00.000Z","valid_from":"2026-04-28T09:30:00.000Z","name":"lotuscare.com.my","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lotuscare.com.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049058768508342486"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--706e30f9-c5d5-51cd-b3c1-edf61b1bd201","created":"2026-04-28T09:30:00.000Z","modified":"2026-04-28T09:30:00.000Z","valid_from":"2026-04-28T09:30:00.000Z","name":"https://www.lotuscare.com.my/Keller.ps1","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.lotuscare.com.my/Keller.ps1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049058768508342486"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--438606d8-66cd-57d9-b5ed-7afb5f367921","created":"2026-04-28T09:40:00.000Z","modified":"2026-04-28T09:40:00.000Z","valid_from":"2026-04-28T09:40:00.000Z","name":"hx1.bounceme.net","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hx1.bounceme.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049061239314076024"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8387938f-3a98-5aa3-844f-b99317808984","created":"2026-04-28T09:40:00.000Z","modified":"2026-04-28T09:40:00.000Z","valid_from":"2026-04-28T09:40:00.000Z","name":"https://hx1.bounceme.net:4433/victim.dll","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hx1.bounceme.net:4433/victim.dll']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049061239314076024"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1b66f17-d849-5080-a90e-c7298cd3eecc","created":"2026-04-28T10:08:00.000Z","modified":"2026-04-28T10:08:00.000Z","valid_from":"2026-04-28T10:08:00.000Z","name":"xtrafftrck.net","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xtrafftrck.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049068289607737541"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a91c04a-71f5-5529-8531-5488121c3ca2","created":"2026-04-28T10:08:00.000Z","modified":"2026-04-28T10:08:00.000Z","valid_from":"2026-04-28T10:08:00.000Z","name":"http://xtrafftrck.net:3000","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xtrafftrck.net:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049068289607737541"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ace57aa-1c49-587f-aa93-af3a29407caf","created":"2026-04-28T10:09:00.000Z","modified":"2026-04-28T10:09:00.000Z","valid_from":"2026-04-28T10:09:00.000Z","name":"vpntop.com.cn","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vpntop.com.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049068445682037229"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9d90f1d-3c56-57a0-a3cc-baabf5f917ef","created":"2026-04-28T10:09:00.000Z","modified":"2026-04-28T10:09:00.000Z","valid_from":"2026-04-28T10:09:00.000Z","name":"https://vpntop.com.cn/letsvpn_v3.5.6_x64.msi","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vpntop.com.cn/letsvpn_v3.5.6_x64.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049068445682037229"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d452ec4-937d-57b8-9e52-c6d6c29e228c","created":"2026-04-28T11:24:00.000Z","modified":"2026-04-28T11:24:00.000Z","valid_from":"2026-04-28T11:24:00.000Z","name":"http://151.240.151.83","description":"IOC reported by @SansLimit3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://151.240.151.83']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SansLimit3/status/2049087449234645347"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--244672c7-eee0-526e-971d-a3261f6ba216","created":"2026-04-28T11:24:00.000Z","modified":"2026-04-28T11:24:00.000Z","valid_from":"2026-04-28T11:24:00.000Z","name":"https://151.240.151.83/:9090","description":"IOC reported by @SansLimit3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://151.240.151.83/:9090']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SansLimit3/status/2049087449234645347"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c1b4e84-8327-56be-b10d-b47922c0fb9d","created":"2026-04-28T11:24:00.000Z","modified":"2026-04-28T11:24:00.000Z","valid_from":"2026-04-28T11:24:00.000Z","name":"151.240.151.83","description":"IOC reported by @SansLimit3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '151.240.151.83']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SansLimit3/status/2049087449234645347"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--459d5281-7680-5a38-8cab-008d98f49b07","created":"2026-04-28T12:08:00.000Z","modified":"2026-04-28T12:08:00.000Z","valid_from":"2026-04-28T12:08:00.000Z","name":"glowmedaesthetics.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'glowmedaesthetics.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049098438089073128"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc00f852-1d86-5d06-96cf-49ba1ff4e09e","created":"2026-04-28T12:08:00.000Z","modified":"2026-04-28T12:08:00.000Z","valid_from":"2026-04-28T12:08:00.000Z","name":"http://glowmedaesthetics.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://glowmedaesthetics.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049098438089073128"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8982a8aa-58b1-5948-a5a4-49177106a85b","created":"2026-04-28T12:08:00.000Z","modified":"2026-04-28T12:08:00.000Z","valid_from":"2026-04-28T12:08:00.000Z","name":"4fd228e2bbe7eca0dc1e44c0662018bb","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '4fd228e2bbe7eca0dc1e44c0662018bb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049098438089073128"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be0cf019-fa7c-5d4e-ad5a-1e4382ab058e","created":"2026-04-28T12:21:00.000Z","modified":"2026-04-28T12:21:00.000Z","valid_from":"2026-04-28T12:21:00.000Z","name":"barberspot.in","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'barberspot.in']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2049101792466571632"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2070b9a-db55-571c-ae6b-be257dc65ece","created":"2026-04-28T12:21:00.000Z","modified":"2026-04-28T12:21:00.000Z","valid_from":"2026-04-28T12:21:00.000Z","name":"https://barberspot.in/2ininjbbv/c22f55rr/sd0x2yy/:right_arrow_curving_down","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://barberspot.in/2ininjbbv/c22f55rr/sd0x2yy/:right_arrow_curving_down']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2049101792466571632"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--74dcc21f-57cd-59d6-981d-b34827d9deb1","created":"2026-04-28T12:21:00.000Z","modified":"2026-04-28T12:21:00.000Z","valid_from":"2026-04-28T12:21:00.000Z","name":"it-me-id-pagit-id.com","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'it-me-id-pagit-id.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2049101792466571632"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a924f3f8-bf25-52e2-bf71-9359cd576e8d","created":"2026-04-28T12:21:00.000Z","modified":"2026-04-28T12:21:00.000Z","valid_from":"2026-04-28T12:21:00.000Z","name":"https://it-me-id-pagit-id.com/wenfiIT/lderIT/cellta-net/app/log.php","description":"IOC reported by @Slvlombardo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://it-me-id-pagit-id.com/wenfiIT/lderIT/cellta-net/app/log.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Slvlombardo/status/2049101792466571632"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb75fcb5-e9c4-558f-8cdd-9eab7871cdf0","created":"2026-04-28T12:24:00.000Z","modified":"2026-04-28T12:24:00.000Z","valid_from":"2026-04-28T12:24:00.000Z","name":"http://43.165.7.227","description":"IOC reported by @The_lesyk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.165.7.227']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/The_lesyk/status/2049102376171135373"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed180174-a74c-569e-b5b6-0a3edc094a31","created":"2026-04-28T12:24:00.000Z","modified":"2026-04-28T12:24:00.000Z","valid_from":"2026-04-28T12:24:00.000Z","name":"43.165.7.227","description":"IOC reported by @The_lesyk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.7.227']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/The_lesyk/status/2049102376171135373"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--233ebe07-30ea-5d9b-a46f-efe4bd81e283","created":"2026-04-28T12:55:00.000Z","modified":"2026-04-28T12:55:00.000Z","valid_from":"2026-04-28T12:55:00.000Z","name":"163cf00168d6fd28366db6c88a1216f95b10b8bb71359d161b542a67c40bffc0","description":"IOC reported by @Sandguard_malwR on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '163cf00168d6fd28366db6c88a1216f95b10b8bb71359d161b542a67c40bffc0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Sandguard_malwR/status/2049110376495636846"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--494677a3-8fcd-576d-a206-f10af15b2d79","created":"2026-04-28T13:53:00.000Z","modified":"2026-04-28T13:53:00.000Z","valid_from":"2026-04-28T13:53:00.000Z","name":"http://66.179.248.120/img/","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://66.179.248.120/img/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2049124737096527922"}],"labels":["Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e5ae866-e86f-50b7-8a8f-853dad7977e2","created":"2026-04-28T13:53:00.000Z","modified":"2026-04-28T13:53:00.000Z","valid_from":"2026-04-28T13:53:00.000Z","name":"http://23.95.62.25:7070","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://23.95.62.25:7070']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2049124737096527922"}],"labels":["Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--401f934d-1471-5012-941b-8d95d915820c","created":"2026-04-28T13:53:00.000Z","modified":"2026-04-28T13:53:00.000Z","valid_from":"2026-04-28T13:53:00.000Z","name":"66.179.248.120","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '66.179.248.120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2049124737096527922"}],"labels":["Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c1539c7-9f9d-5bcc-90b4-83505b7b6770","created":"2026-04-28T13:53:00.000Z","modified":"2026-04-28T13:53:00.000Z","valid_from":"2026-04-28T13:53:00.000Z","name":"23.95.62.25","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '23.95.62.25']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2049124737096527922"}],"labels":["Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31ec7f93-0aa2-58cd-a390-73e29318284b","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"http://78.11.101.78/Beastmode.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://78.11.101.78/Beastmode.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--784daae3-e8ae-5759-87a1-c61722478175","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"http://78.11.10.78/Beastmode.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://78.11.10.78/Beastmode.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b4df613-423e-53c1-ae03-7246cf13b374","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"137.184.20.87","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '137.184.20.87']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3271619-3695-5291-a3dd-9ed73894cb63","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"78.11.101.78","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '78.11.101.78']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--54bc94bf-c3eb-52ae-93f0-dc0ab5880522","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"78.11.10.78","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '78.11.10.78']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d033fd1-dda7-57ee-9981-c8e9db609488","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"78.11.10.7","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '78.11.10.7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1dd6ec2-0d7e-5e2b-b74e-6acca171d7d1","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"77.111.101.78","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.111.101.78']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce4e2316-6210-581c-bec9-42c1466c8f69","created":"2026-04-28T14:54:00.000Z","modified":"2026-04-28T14:54:00.000Z","valid_from":"2026-04-28T14:54:00.000Z","name":"77.11.101.78","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.11.101.78']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049140297595080819"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f0325bd-ef7c-559b-867e-c8e8bd923011","created":"2026-04-28T14:59:00.000Z","modified":"2026-04-28T14:59:00.000Z","valid_from":"2026-04-28T14:59:00.000Z","name":"Pastee.dev","description":"IOC reported by @vmray on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Pastee.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/vmray/status/2049141348926669126"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--24467b68-d6c4-5c32-a230-236d864e10b5","created":"2026-04-28T14:59:00.000Z","modified":"2026-04-28T14:59:00.000Z","valid_from":"2026-04-28T14:59:00.000Z","name":"http://Pastee.dev","description":"IOC reported by @vmray on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Pastee.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/vmray/status/2049141348926669126"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ba25530-c822-5b41-8474-c68b26286364","created":"2026-04-28T15:14:00.000Z","modified":"2026-04-28T15:14:00.000Z","valid_from":"2026-04-28T15:14:00.000Z","name":"42a1aded85892a80c83f741a7ac00e7e75015166c3be0bae29d93d3a4714711d","description":"IOC reported by @anylink20240604 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '42a1aded85892a80c83f741a7ac00e7e75015166c3be0bae29d93d3a4714711d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/anylink20240604/status/2049145349793804744"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64514066-be59-544d-98d1-a234b295350e","created":"2026-04-28T15:18:40.000Z","modified":"2026-04-28T15:18:40.000Z","valid_from":"2026-04-28T15:18:40.000Z","name":"info@erreklamatu.com","description":"IOC reported by @Erreklamatu on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info@erreklamatu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Erreklamatu/status/2049146287652536675"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc8a2305-9831-501e-8758-24ade4a06fa1","created":"2026-04-28T15:18:40.000Z","modified":"2026-04-28T15:18:40.000Z","valid_from":"2026-04-28T15:18:40.000Z","name":"https://info@erreklamatu.com","description":"IOC reported by @Erreklamatu on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://info@erreklamatu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Erreklamatu/status/2049146287652536675"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1b6f075-1e86-54c2-a0c0-dc776910bea8","created":"2026-04-28T15:27:00.000Z","modified":"2026-04-28T15:27:00.000Z","valid_from":"2026-04-28T15:27:00.000Z","name":"meekys.mtffx.cn","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meekys.mtffx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049148402471145825"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8dcff19-9c8a-5d1f-8a33-2620747f3b3a","created":"2026-04-28T15:27:00.000Z","modified":"2026-04-28T15:27:00.000Z","valid_from":"2026-04-28T15:27:00.000Z","name":"https://meekys.mtffx.cn/gpajp/accunt/lginox/","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://meekys.mtffx.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049148402471145825"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b893de2-d621-5bd2-955e-8b5ec32673c7","created":"2026-04-28T16:06:00.000Z","modified":"2026-04-28T16:06:00.000Z","valid_from":"2026-04-28T16:06:00.000Z","name":"80d5202d63558ed81be51101c65bc98a2bbda74084b46acd58ce48607da8a3a3","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '80d5202d63558ed81be51101c65bc98a2bbda74084b46acd58ce48607da8a3a3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2049158325372125450"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--96ff2d8b-2e62-5846-9eca-f76448ddec3d","created":"2026-04-28T16:30:00.000Z","modified":"2026-04-28T16:30:00.000Z","valid_from":"2026-04-28T16:30:00.000Z","name":"https://217.60.241.36/sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://217.60.241.36/sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049164321519779866"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7aeece9-98c4-58c9-9027-29428688a617","created":"2026-04-28T16:30:00.000Z","modified":"2026-04-28T16:30:00.000Z","valid_from":"2026-04-28T16:30:00.000Z","name":"115.190.211.111","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '115.190.211.111']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049164321519779866"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--40543067-2f15-5595-9a21-4e7fffa577d8","created":"2026-04-28T16:30:00.000Z","modified":"2026-04-28T16:30:00.000Z","valid_from":"2026-04-28T16:30:00.000Z","name":"217.60.241.36","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '217.60.241.36']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049164321519779866"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d3995ec-c50c-5bb0-a196-a397b0242a63","created":"2026-04-28T16:30:00.000Z","modified":"2026-04-28T16:30:00.000Z","valid_from":"2026-04-28T16:30:00.000Z","name":"8c45305df1afb2a9d0249ba3d0576b41","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8c45305df1afb2a9d0249ba3d0576b41']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049164321519779866"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6b8711c-c716-5bc3-a0f7-fb2a924eb192","created":"2026-04-28T17:22:00.000Z","modified":"2026-04-28T17:22:00.000Z","valid_from":"2026-04-28T17:22:00.000Z","name":"scp749.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'scp749.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049177426706481303"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--731fdc83-a54e-5afd-b28d-e386a52367e2","created":"2026-04-28T17:22:00.000Z","modified":"2026-04-28T17:22:00.000Z","valid_from":"2026-04-28T17:22:00.000Z","name":"http://scp749.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://scp749.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049177426706481303"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--51e53a85-338b-573b-9f01-0fd307463d51","created":"2026-04-28T18:14:08.000Z","modified":"2026-04-28T18:14:08.000Z","valid_from":"2026-04-28T18:14:08.000Z","name":"vayusena.online","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vayusena.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049190442084835702"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9026883-8e6f-59fc-91f2-463f61ea997b","created":"2026-04-28T18:14:08.000Z","modified":"2026-04-28T18:14:08.000Z","valid_from":"2026-04-28T18:14:08.000Z","name":"https://vayusena.online/login","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vayusena.online/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049190442084835702"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7341860-3de0-5f3c-aefc-a4018812e931","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"inlinepol1s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol1s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45f0c08e-b26c-53f7-8e5d-016529e27569","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://inlinepol1s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol1s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e22fa45-af75-5983-9da5-dc543aaaec71","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"docinfo.inlinepol1s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.inlinepol1s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9eac40e2-e50e-5a1e-94ff-474650838b31","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://docinfo.inlinepol1s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.inlinepol1s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6d4156b-7d6a-515e-b1ff-c1847274e7e7","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"inlinepol19s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol19s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fde0ad99-f32e-5fe7-b0b6-89ec5c980876","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://inlinepol19s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol19s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c6f73ef-2fee-57b5-bab4-cd830073479d","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"inlinepol17s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol17s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb268404-d0be-54d7-942b-a1ea3c817684","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://inlinepol17s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol17s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--690537e3-ee1c-569e-bae7-d8b944faca68","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"edoc.inlinepol14s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edoc.inlinepol14s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7442c6c7-79d5-526c-9ce3-b4855be8fd32","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://edoc.inlinepol14s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edoc.inlinepol14s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3c83a10-c90a-511b-8039-935c4352a41e","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"newaltercm42s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm42s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e9e7ed7-7bd7-5510-bd94-d84148b7b0d4","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://newaltercm42s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm42s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af1d07a0-5edb-56eb-937a-11d4ae9b227c","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"inlinepol14s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol14s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07ae19e5-0961-5ab7-a828-f2f4a2338712","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://inlinepol14s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol14s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--004ef32d-25f5-5985-9683-2b650cad82dc","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"uofficialerc22v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc22v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3bee0e1-3ff6-5218-87b3-35a8bdb83c15","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://uofficialerc22v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc22v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62902ce9-5951-5b00-9bb9-530935ad3fae","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"newpolinf48s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf48s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--118eea48-db7b-53b9-b849-096b06bc764a","created":"2026-04-28T18:33:00.000Z","modified":"2026-04-28T18:33:00.000Z","valid_from":"2026-04-28T18:33:00.000Z","name":"http://newpolinf48s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf48s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049195306487853319"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51e53a85-338b-573b-9f01-0fd307463d51","created":"2026-04-28T18:50:00.000Z","modified":"2026-04-28T18:50:00.000Z","valid_from":"2026-04-28T18:50:00.000Z","name":"vayusena.online","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vayusena.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049199564901454092"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3aa2f2b0-7dce-53e1-999e-9c6cb36c576e","created":"2026-04-28T18:50:00.000Z","modified":"2026-04-28T18:50:00.000Z","valid_from":"2026-04-28T18:50:00.000Z","name":"https://vayusena.online:48973/systemdd","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vayusena.online:48973/systemdd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049199564901454092"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--64e45956-4df7-5b94-a2cb-797945d758e5","created":"2026-04-28T20:13:00.000Z","modified":"2026-04-28T20:13:00.000Z","valid_from":"2026-04-28T20:13:00.000Z","name":"lace-desktop.io","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lace-desktop.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049220391357628591"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5abdd9a-5510-5125-b76a-f51221c334bb","created":"2026-04-28T20:13:00.000Z","modified":"2026-04-28T20:13:00.000Z","valid_from":"2026-04-28T20:13:00.000Z","name":"http://lace-desktop.io","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lace-desktop.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049220391357628591"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d31ea3e-5abb-535d-9359-7fb6f17981d5","created":"2026-04-28T20:13:00.000Z","modified":"2026-04-28T20:13:00.000Z","valid_from":"2026-04-28T20:13:00.000Z","name":"store4.gofile.io","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'store4.gofile.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049220391357628591"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd21a112-1291-5148-a56f-c0b253f6b3e3","created":"2026-04-28T20:13:00.000Z","modified":"2026-04-28T20:13:00.000Z","valid_from":"2026-04-28T20:13:00.000Z","name":"http://store4.gofile.io/download/direct/956fe713-cea0-4157-9f10-6a4e385b49e7/LaceDesktop-installer.msi","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://store4.gofile.io/download/direct/956fe713-cea0-4157-9f10-6a4e385b49e7/LaceDesktop-installer.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049220391357628591"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--731fdc40-6487-5455-9f39-e9fdbea081ae","created":"2026-04-28T20:13:00.000Z","modified":"2026-04-28T20:13:00.000Z","valid_from":"2026-04-28T20:13:00.000Z","name":"lace-desktop.live","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lace-desktop.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049220391357628591"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--595569f1-bfca-555a-bc7e-1553ab5eb86a","created":"2026-04-28T20:13:00.000Z","modified":"2026-04-28T20:13:00.000Z","valid_from":"2026-04-28T20:13:00.000Z","name":"http://lace-desktop.live","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lace-desktop.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049220391357628591"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--745de347-26c7-5446-af8a-4b5854cefd89","created":"2026-04-28T20:17:00.000Z","modified":"2026-04-28T20:17:00.000Z","valid_from":"2026-04-28T20:17:00.000Z","name":"http://138.201.128.249","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://138.201.128.249']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049221402163544167"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--babb1f74-d477-56aa-9d12-c3c883872d7c","created":"2026-04-28T20:17:00.000Z","modified":"2026-04-28T20:17:00.000Z","valid_from":"2026-04-28T20:17:00.000Z","name":"138.201.128.249","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '138.201.128.249']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049221402163544167"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f2d53ac-1afc-5b2f-b6f2-0a008e2b3caf","created":"2026-04-28T20:23:00.000Z","modified":"2026-04-28T20:23:00.000Z","valid_from":"2026-04-28T20:23:00.000Z","name":"spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049223060062970275"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffc6dc1c-e548-5bec-825c-33f946528a53","created":"2026-04-28T20:23:00.000Z","modified":"2026-04-28T20:23:00.000Z","valid_from":"2026-04-28T20:23:00.000Z","name":"http://spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049223060062970275"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a796ae5-9204-5622-9568-8126e38530ec","created":"2026-04-28T21:18:00.000Z","modified":"2026-04-28T21:18:00.000Z","valid_from":"2026-04-28T21:18:00.000Z","name":"drazyland.us","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'drazyland.us']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049236774271045773"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--659b9386-4233-551f-9d09-d5996f296319","created":"2026-04-28T21:18:00.000Z","modified":"2026-04-28T21:18:00.000Z","valid_from":"2026-04-28T21:18:00.000Z","name":"http://drazyland.us","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://drazyland.us']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049236774271045773"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--75cd1278-19c5-59a1-9f07-71de1aa30eef","created":"2026-04-28T21:19:00.000Z","modified":"2026-04-28T21:19:00.000Z","valid_from":"2026-04-28T21:19:00.000Z","name":"centralcoretech.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'centralcoretech.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049237054857285793"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f43b05e2-8b2a-5aac-9a05-0c81aa947caa","created":"2026-04-28T21:19:00.000Z","modified":"2026-04-28T21:19:00.000Z","valid_from":"2026-04-28T21:19:00.000Z","name":"http://centralcoretech.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://centralcoretech.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049237054857285793"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--87764b42-f359-598c-aa65-e7b9c841cb21","created":"2026-04-28T21:26:00.000Z","modified":"2026-04-28T21:26:00.000Z","valid_from":"2026-04-28T21:26:00.000Z","name":"https://35.196.105.113/wp-admin/x64_v6","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://35.196.105.113/wp-admin/x64_v6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049238817958232532"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--81d70580-16e1-5b81-9fe7-a82716760ada","created":"2026-04-28T21:26:00.000Z","modified":"2026-04-28T21:26:00.000Z","valid_from":"2026-04-28T21:26:00.000Z","name":"35.196.105.113","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.196.105.113']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049238817958232532"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7c49fc4-4674-57cb-b8d9-37b179597352","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"facilitandoagora.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'facilitandoagora.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--322ddc03-8230-58cb-8219-7ce1f96076aa","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"https://facilitandoagora.online/validacao","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://facilitandoagora.online/validacao']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91b30d4e-4622-5117-bcfb-4e3ed4a9619d","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"mercadolib-es.shop","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mercadolib-es.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--498e86ab-1a9b-594e-b201-5bf75ca6ee1c","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"https://mercadolib-es.shop","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mercadolib-es.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93a9d652-3cd4-511d-90a1-814466416518","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"guepardodelivery-entregador.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'guepardodelivery-entregador.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--395abb52-68e5-5c82-aa9b-09d68594f687","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"https://guepardodelivery-entregador.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://guepardodelivery-entregador.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d96130f-21fe-5172-a4d2-08854959f788","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"ailosapp.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ailosapp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ca39497-d6c9-5ffc-9c07-b3fb246cd43f","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"https://ailosapp.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ailosapp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--444460d3-d1f5-5a17-bca5-1f1cac974777","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"playstorelivelo.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'playstorelivelo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1926bfb-b8e1-515d-8b59-e44dcec442ee","created":"2026-04-28T21:30:00.000Z","modified":"2026-04-28T21:30:00.000Z","valid_from":"2026-04-28T21:30:00.000Z","name":"https://playstorelivelo.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://playstorelivelo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2049239733578969593"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--772b0a2f-27fa-502d-8422-918c2b133fde","created":"2026-04-29T00:06:00.000Z","modified":"2026-04-29T00:06:00.000Z","valid_from":"2026-04-29T00:06:00.000Z","name":"ttvbuilv5mf2wggfjgmvin22ndzghpukhsyy6coz3p4wt5nqnxah7tyd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ttvbuilv5mf2wggfjgmvin22ndzghpukhsyy6coz3p4wt5nqnxah7tyd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2049279082215710749"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f89060fd-0379-5631-bc93-5f8a333f9622","created":"2026-04-29T00:06:00.000Z","modified":"2026-04-29T00:06:00.000Z","valid_from":"2026-04-29T00:06:00.000Z","name":"http://ttvbuilv5mf2wggfjgmvin22ndzghpukhsyy6coz3p4wt5nqnxah7tyd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ttvbuilv5mf2wggfjgmvin22ndzghpukhsyy6coz3p4wt5nqnxah7tyd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2049279082215710749"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--398a1a7e-b95f-5fb4-b1d2-8eea6b4767aa","created":"2026-04-29T00:09:00.000Z","modified":"2026-04-29T00:09:00.000Z","valid_from":"2026-04-29T00:09:00.000Z","name":"38.146.25.206","description":"IOC reported by @eKg_sec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.146.25.206']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/eKg_sec/status/2049279879141564588"}],"labels":["ClickFix","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1de18587-0df6-5824-92b8-2fc8bd11aae7","created":"2026-04-29T01:11:00.000Z","modified":"2026-04-29T01:11:00.000Z","valid_from":"2026-04-29T01:11:00.000Z","name":"tafirizipi.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tafirizipi.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049295427103813988"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e70279b-9a3b-5ffe-874b-2f993867b0d9","created":"2026-04-29T01:11:00.000Z","modified":"2026-04-29T01:11:00.000Z","valid_from":"2026-04-29T01:11:00.000Z","name":"https://tafirizipi.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tafirizipi.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049295427103813988"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2267d713-c0d3-5669-8d5b-c7afa2833e49","created":"2026-04-29T01:11:00.000Z","modified":"2026-04-29T01:11:00.000Z","valid_from":"2026-04-29T01:11:00.000Z","name":"52.239.251.161","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '52.239.251.161']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049295427103813988"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d30330a-7aa7-5ad5-b9e5-0eeb8016e0c9","created":"2026-04-29T03:13:00.000Z","modified":"2026-04-29T03:13:00.000Z","valid_from":"2026-04-29T03:13:00.000Z","name":"e-stat.8mpf2yml.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.8mpf2yml.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049326139265720321"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bef64346-faa7-5a8b-8e92-212c47f55c85","created":"2026-04-29T03:13:00.000Z","modified":"2026-04-29T03:13:00.000Z","valid_from":"2026-04-29T03:13:00.000Z","name":"https://e-stat.8mpf2yml.shop/home","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.8mpf2yml.shop/home']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049326139265720321"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--439da408-7d97-58df-b553-17cbb592deeb","created":"2026-04-29T03:18:00.000Z","modified":"2026-04-29T03:18:00.000Z","valid_from":"2026-04-29T03:18:00.000Z","name":"e-stat.dcch5jvl.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.dcch5jvl.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049327338736013808"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26f3ccbf-673c-5751-8ab6-5d0344948fd3","created":"2026-04-29T03:18:00.000Z","modified":"2026-04-29T03:18:00.000Z","valid_from":"2026-04-29T03:18:00.000Z","name":"https://e-stat.dcch5jvl.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.dcch5jvl.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049327338736013808"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35d95a92-8892-5c9b-ba20-3ef66f038b8d","created":"2026-04-29T03:18:00.000Z","modified":"2026-04-29T03:18:00.000Z","valid_from":"2026-04-29T03:18:00.000Z","name":"e-stat.9g4icuky.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.9g4icuky.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049327338736013808"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50c41b0a-17f3-5cce-bf55-33891b7702e7","created":"2026-04-29T03:18:00.000Z","modified":"2026-04-29T03:18:00.000Z","valid_from":"2026-04-29T03:18:00.000Z","name":"https://e-stat.9g4icuky.shop/oo6z309q","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.9g4icuky.shop/oo6z309q']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049327338736013808"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cee4144-883c-5f1e-8a4e-0a79c116c079","created":"2026-04-29T04:26:00.000Z","modified":"2026-04-29T04:26:00.000Z","valid_from":"2026-04-29T04:26:00.000Z","name":"http://108.181.153.57:9616","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://108.181.153.57:9616']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2049344545972986204"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af87f416-fd10-52ac-95a5-74905695dd34","created":"2026-04-29T04:26:00.000Z","modified":"2026-04-29T04:26:00.000Z","valid_from":"2026-04-29T04:26:00.000Z","name":"108.181.153.57","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '108.181.153.57']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2049344545972986204"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--367ef32b-ab05-5f3c-ad97-e03e96bdf92c","created":"2026-04-29T04:26:00.000Z","modified":"2026-04-29T04:26:00.000Z","valid_from":"2026-04-29T04:26:00.000Z","name":"b915e9fe3d5541e75609b220ed2e88b0","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'b915e9fe3d5541e75609b220ed2e88b0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2049344545972986204"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bc79277-9e36-51be-982e-dce979c05860","created":"2026-04-29T05:08:00.000Z","modified":"2026-04-29T05:08:00.000Z","valid_from":"2026-04-29T05:08:00.000Z","name":"certifysubmited.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'certifysubmited.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2049354999793393861"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75eb8733-230f-5d08-a0f6-7e46ba203403","created":"2026-04-29T05:08:00.000Z","modified":"2026-04-29T05:08:00.000Z","valid_from":"2026-04-29T05:08:00.000Z","name":"http://certifysubmited.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://certifysubmited.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2049354999793393861"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--74a2b10a-ed73-5e42-8f91-b5e9b8bab5a8","created":"2026-04-29T05:08:00.000Z","modified":"2026-04-29T05:08:00.000Z","valid_from":"2026-04-29T05:08:00.000Z","name":"e1f3a7b45dad8aec1bf2f5e4d63f0c69","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'e1f3a7b45dad8aec1bf2f5e4d63f0c69']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2049354999793393861"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--79e403d6-87e7-57bb-b5d2-39ecf2ad6abc","created":"2026-04-29T05:36:27.000Z","modified":"2026-04-29T05:36:27.000Z","valid_from":"2026-04-29T05:36:27.000Z","name":"9a25d0d4a647745681b8db289941d407","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '9a25d0d4a647745681b8db289941d407']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049362152688156787"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f569d972-ede4-56d7-b7b9-f38eef248c16","created":"2026-04-29T06:09:00.000Z","modified":"2026-04-29T06:09:00.000Z","valid_from":"2026-04-29T06:09:00.000Z","name":"165.245.250.220","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.245.250.220']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049370492763840687"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d457ada-9764-5681-bbb6-05faac4b6c10","created":"2026-04-29T06:30:00.000Z","modified":"2026-04-29T06:30:00.000Z","valid_from":"2026-04-29T06:30:00.000Z","name":"assertive-onyx-canary.31-22-7-7.cpanel.site","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'assertive-onyx-canary.31-22-7-7.cpanel.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049375732669825206"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e562f215-5ccc-51ca-83ad-88e0cc0e64a7","created":"2026-04-29T06:30:00.000Z","modified":"2026-04-29T06:30:00.000Z","valid_from":"2026-04-29T06:30:00.000Z","name":"https://assertive-onyx-canary.31-22-7-7.cpanel.site/session/","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://assertive-onyx-canary.31-22-7-7.cpanel.site/session/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049375732669825206"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f7076bf-480a-5d0d-beda-6307c1f974c5","created":"2026-04-29T06:55:00.000Z","modified":"2026-04-29T06:55:00.000Z","valid_from":"2026-04-29T06:55:00.000Z","name":"http://stake-casino.stream","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://stake-casino.stream']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049382164463268033"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca2d1282-d16e-5e39-840b-60947954d2c2","created":"2026-04-29T06:55:00.000Z","modified":"2026-04-29T06:55:00.000Z","valid_from":"2026-04-29T06:55:00.000Z","name":"iuta.today","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iuta.today']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049382164463268033"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c215a9d2-1a36-557a-9095-219a7a0e7486","created":"2026-04-29T06:55:00.000Z","modified":"2026-04-29T06:55:00.000Z","valid_from":"2026-04-29T06:55:00.000Z","name":"http://iuta.today","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iuta.today']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049382164463268033"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--548d3dbd-4953-5725-a600-cd732ca11f28","created":"2026-04-29T06:55:00.000Z","modified":"2026-04-29T06:55:00.000Z","valid_from":"2026-04-29T06:55:00.000Z","name":"c2699723fed437cfedb0a7e6762741e7","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'c2699723fed437cfedb0a7e6762741e7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049382164463268033"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b619929b-1104-5a44-b889-68652c651ef6","created":"2026-04-29T06:55:00.000Z","modified":"2026-04-29T06:55:00.000Z","valid_from":"2026-04-29T06:55:00.000Z","name":"b80700935a4ef074810583dd7e093c78","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'b80700935a4ef074810583dd7e093c78']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049382164463268033"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ad2aba0-bcc3-503b-8505-37572a857427","created":"2026-04-29T06:55:00.000Z","modified":"2026-04-29T06:55:00.000Z","valid_from":"2026-04-29T06:55:00.000Z","name":"95.111.244.90","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '95.111.244.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049382106619576417"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb1cc69-c607-5ada-96c2-cd801cb94154","created":"2026-04-29T07:00:00.000Z","modified":"2026-04-29T07:00:00.000Z","valid_from":"2026-04-29T07:00:00.000Z","name":"stake-casino.stream","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'stake-casino.stream']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049383256441671998"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e488ace3-43c6-567d-8d3f-4a8877c1b8ea","created":"2026-04-29T07:00:00.000Z","modified":"2026-04-29T07:00:00.000Z","valid_from":"2026-04-29T07:00:00.000Z","name":"https://stake-casino.stream","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://stake-casino.stream']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049383256441671998"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d46a4d8-ad9d-597b-92df-e0a303ec0181","created":"2026-04-29T07:35:00.000Z","modified":"2026-04-29T07:35:00.000Z","valid_from":"2026-04-29T07:35:00.000Z","name":"ljbrwu.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ljbrwu.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049391999577645422"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--160d7d48-9633-5653-8719-cf012470746c","created":"2026-04-29T07:35:00.000Z","modified":"2026-04-29T07:35:00.000Z","valid_from":"2026-04-29T07:35:00.000Z","name":"https://ljbrwu.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ljbrwu.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049391999577645422"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6525ec7c-3750-5cf3-99be-9572d9225fbf","created":"2026-04-29T07:35:00.000Z","modified":"2026-04-29T07:35:00.000Z","valid_from":"2026-04-29T07:35:00.000Z","name":"qviega.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qviega.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049391999577645422"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5317dde5-b84c-584c-a779-bc8bc68d58c7","created":"2026-04-29T07:35:00.000Z","modified":"2026-04-29T07:35:00.000Z","valid_from":"2026-04-29T07:35:00.000Z","name":"https://qviega.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qviega.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049391999577645422"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c596b881-88b7-5cf1-ae5f-6bc57798127d","created":"2026-04-29T07:47:00.000Z","modified":"2026-04-29T07:47:00.000Z","valid_from":"2026-04-29T07:47:00.000Z","name":"79.7.152.162","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '79.7.152.162']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049395063659307421"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abda2562-a4ae-528b-aed8-90d8ca41a05b","created":"2026-04-29T07:47:00.000Z","modified":"2026-04-29T07:47:00.000Z","valid_from":"2026-04-29T07:47:00.000Z","name":"901fc6771ccdfc5194dfa63f949cce05298c999a813af2cec2ebf2dcc50aed1f","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '901fc6771ccdfc5194dfa63f949cce05298c999a813af2cec2ebf2dcc50aed1f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049395063659307421"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e666a99-e4c5-5bf2-9eb1-7c8a038bd389","created":"2026-04-29T07:47:00.000Z","modified":"2026-04-29T07:47:00.000Z","valid_from":"2026-04-29T07:47:00.000Z","name":"6c513a3caaf0e368f8336a307b1d4ccb2ad16fdc8428d8397acd0b2594bbc5c8","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '6c513a3caaf0e368f8336a307b1d4ccb2ad16fdc8428d8397acd0b2594bbc5c8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049395063659307421"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--054ee136-e208-5d3f-88fe-577cabffa05a","created":"2026-04-29T08:00:00.000Z","modified":"2026-04-29T08:00:00.000Z","valid_from":"2026-04-29T08:00:00.000Z","name":"jif-9-dodol-7793ce.netlify.app","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jif-9-dodol-7793ce.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049398435556577391"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--146d3567-3283-5500-b745-6cf85b522f55","created":"2026-04-29T08:00:00.000Z","modified":"2026-04-29T08:00:00.000Z","valid_from":"2026-04-29T08:00:00.000Z","name":"https://jif-9-dodol-7793ce.netlify.app","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jif-9-dodol-7793ce.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049398435556577391"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1b1cf38-36d6-5f06-bd1b-72161118f172","created":"2026-04-29T08:00:00.000Z","modified":"2026-04-29T08:00:00.000Z","valid_from":"2026-04-29T08:00:00.000Z","name":"intesasanpaolo-proteggi-la-mia-carta.netlify.app","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'intesasanpaolo-proteggi-la-mia-carta.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049398435556577391"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3dc3064a-63fd-537f-954a-0ef97b573639","created":"2026-04-29T08:00:00.000Z","modified":"2026-04-29T08:00:00.000Z","valid_from":"2026-04-29T08:00:00.000Z","name":"https://intesasanpaolo-proteggi-la-mia-carta.netlify.app","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://intesasanpaolo-proteggi-la-mia-carta.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049398435556577391"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac82dbeb-d236-50cf-a5bf-9eff9c7759a7","created":"2026-04-29T08:00:00.000Z","modified":"2026-04-29T08:00:00.000Z","valid_from":"2026-04-29T08:00:00.000Z","name":"31.57.156.127","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.57.156.127']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049398324990758971"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--949ab6c1-0bde-5ac0-87e3-9f3c15242366","created":"2026-04-29T08:00:00.000Z","modified":"2026-04-29T08:00:00.000Z","valid_from":"2026-04-29T08:00:00.000Z","name":"64e6353f01583ef365ee3e835cff0c21b21e523b9c466c2a6cc99910a6438c17","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '64e6353f01583ef365ee3e835cff0c21b21e523b9c466c2a6cc99910a6438c17']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049398324990758971"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31928e33-c0cf-5479-bf53-a47978fe0a03","created":"2026-04-29T08:20:00.000Z","modified":"2026-04-29T08:20:00.000Z","valid_from":"2026-04-29T08:20:00.000Z","name":"229a945794ad056001982803a6a58a8c","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '229a945794ad056001982803a6a58a8c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049403329491431791"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3395107f-959c-5ba9-a899-33ff8f1b20fa","created":"2026-04-29T09:18:00.000Z","modified":"2026-04-29T09:18:00.000Z","valid_from":"2026-04-29T09:18:00.000Z","name":"e-stat.75lcvzk6.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.75lcvzk6.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049418155660103859"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1a5de94-c6b3-5595-a64c-553a6bffe790","created":"2026-04-29T09:18:00.000Z","modified":"2026-04-29T09:18:00.000Z","valid_from":"2026-04-29T09:18:00.000Z","name":"https://e-stat.75lcvzk6.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.75lcvzk6.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049418155660103859"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aace74ac-1bb9-563c-b1af-c3a3f27930e5","created":"2026-04-29T09:18:00.000Z","modified":"2026-04-29T09:18:00.000Z","valid_from":"2026-04-29T09:18:00.000Z","name":"e-stat.26rni3t0.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.26rni3t0.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049418155660103859"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e538d79-621d-55d9-82dc-d1943d23b861","created":"2026-04-29T09:18:00.000Z","modified":"2026-04-29T09:18:00.000Z","valid_from":"2026-04-29T09:18:00.000Z","name":"https://e-stat.26rni3t0.shop/2xj3nsrm","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.26rni3t0.shop/2xj3nsrm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049418155660103859"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9acdfff2-f5bb-5d9d-8c0b-7c25c792ea32","created":"2026-04-29T09:24:18.000Z","modified":"2026-04-29T09:24:18.000Z","valid_from":"2026-04-29T09:24:18.000Z","name":"e-stat.dcrj1bfm.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.dcrj1bfm.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049419493974450530"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d37ceec6-8b8a-55e2-9e9c-e25310a34fa1","created":"2026-04-29T09:24:18.000Z","modified":"2026-04-29T09:24:18.000Z","valid_from":"2026-04-29T09:24:18.000Z","name":"https://e-stat.dcrj1bfm.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.dcrj1bfm.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049419493974450530"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18acf3a1-3a95-5fd6-bc54-2e587dc252ed","created":"2026-04-29T10:13:00.000Z","modified":"2026-04-29T10:13:00.000Z","valid_from":"2026-04-29T10:13:00.000Z","name":"http://115.175.16.26","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://115.175.16.26']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049431879208616237"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--94e2d446-c40b-5e1e-8f2b-e3924119d3aa","created":"2026-04-29T10:13:00.000Z","modified":"2026-04-29T10:13:00.000Z","valid_from":"2026-04-29T10:13:00.000Z","name":"115.175.16.26","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '115.175.16.26']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049431879208616237"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--96ce145d-5503-5763-b798-50b88170cd2e","created":"2026-04-29T10:24:00.000Z","modified":"2026-04-29T10:24:00.000Z","valid_from":"2026-04-29T10:24:00.000Z","name":"http://185.102.115.84:4000/login","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://185.102.115.84:4000/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049434562522935614"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4557d943-6e94-562b-9ff5-7ec804e439f1","created":"2026-04-29T10:24:00.000Z","modified":"2026-04-29T10:24:00.000Z","valid_from":"2026-04-29T10:24:00.000Z","name":"185.102.115.84","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.102.115.84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049434562522935614"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a537bc1-d479-5601-9030-1334a255333a","created":"2026-04-29T10:25:00.000Z","modified":"2026-04-29T10:25:00.000Z","valid_from":"2026-04-29T10:25:00.000Z","name":"https://raw.githubusercontent.com/gdq2/F/refs/heads/main/5","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://raw.githubusercontent.com/gdq2/F/refs/heads/main/5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049434807977865313"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa17d9e6-21a3-519e-92b8-c2e13b6e130b","created":"2026-04-29T10:33:00.000Z","modified":"2026-04-29T10:33:00.000Z","valid_from":"2026-04-29T10:33:00.000Z","name":"cloud-verificate.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cloud-verificate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049436796225036688"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f417b9c0-7993-5e11-aeee-ead03f4190aa","created":"2026-04-29T10:33:00.000Z","modified":"2026-04-29T10:33:00.000Z","valid_from":"2026-04-29T10:33:00.000Z","name":"http://cloud-verificate.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cloud-verificate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049436796225036688"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8db6377a-4809-5535-aefb-abbaba8ecbd7","created":"2026-04-29T10:33:00.000Z","modified":"2026-04-29T10:33:00.000Z","valid_from":"2026-04-29T10:33:00.000Z","name":"f920747af86b9e42e38a530ff977b499","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'f920747af86b9e42e38a530ff977b499']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049436796225036688"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4f32dae-eeb3-5cf9-bae8-4cec3aec6845","created":"2026-04-29T10:35:00.000Z","modified":"2026-04-29T10:35:00.000Z","valid_from":"2026-04-29T10:35:00.000Z","name":"heliosdue.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'heliosdue.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049437377546903716"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0e906b1-fab1-552e-a711-105ca298d60f","created":"2026-04-29T10:35:00.000Z","modified":"2026-04-29T10:35:00.000Z","valid_from":"2026-04-29T10:35:00.000Z","name":"http://heliosdue.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://heliosdue.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049437377546903716"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1179d572-a94f-5298-b5e2-a71c9eec64ef","created":"2026-04-29T10:43:00.000Z","modified":"2026-04-29T10:43:00.000Z","valid_from":"2026-04-29T10:43:00.000Z","name":"xeniominb.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xeniominb.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049439487491510434"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--db02a68d-4ab4-5dc3-bf8a-57f4fd8deba0","created":"2026-04-29T10:43:00.000Z","modified":"2026-04-29T10:43:00.000Z","valid_from":"2026-04-29T10:43:00.000Z","name":"http://xeniominb.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xeniominb.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049439487491510434"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9da4e185-6628-594f-a994-8dc0a503fd5a","created":"2026-04-29T11:07:00.000Z","modified":"2026-04-29T11:07:00.000Z","valid_from":"2026-04-29T11:07:00.000Z","name":"dashwake.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dashwake.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049445426521092596"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--67cee3cb-be0d-570b-91e9-42473c2f2ce6","created":"2026-04-29T11:07:00.000Z","modified":"2026-04-29T11:07:00.000Z","valid_from":"2026-04-29T11:07:00.000Z","name":"http://dashwake.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dashwake.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049445426521092596"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--badf53e2-599b-5f88-8dd5-5ff9fcc12c4c","created":"2026-04-29T11:17:00.000Z","modified":"2026-04-29T11:17:00.000Z","valid_from":"2026-04-29T11:17:00.000Z","name":"qusetagent.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qusetagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049447854947848561"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--409cafd5-3fcc-56ba-b040-2c478086acc1","created":"2026-04-29T11:17:00.000Z","modified":"2026-04-29T11:17:00.000Z","valid_from":"2026-04-29T11:17:00.000Z","name":"http://qusetagent.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://qusetagent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049447854947848561"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fdf02efe-9190-5610-bd77-9abd2b6fdb50","created":"2026-04-29T11:17:00.000Z","modified":"2026-04-29T11:17:00.000Z","valid_from":"2026-04-29T11:17:00.000Z","name":"dcb3f8501b0e060ef5a180d9605d6681","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'dcb3f8501b0e060ef5a180d9605d6681']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2049447854947848561"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08d19d64-e41f-5bb4-8fb6-a06f162bcebb","created":"2026-04-29T11:58:00.000Z","modified":"2026-04-29T11:58:00.000Z","valid_from":"2026-04-29T11:58:00.000Z","name":"sagiw.chatcamic.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sagiw.chatcamic.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049458253243810069"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--595e4a1f-9c52-5631-8fcb-2e2d6c89d5c0","created":"2026-04-29T11:58:00.000Z","modified":"2026-04-29T11:58:00.000Z","valid_from":"2026-04-29T11:58:00.000Z","name":"http://sagiw.chatcamic.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sagiw.chatcamic.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049458253243810069"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--64514066-be59-544d-98d1-a234b295350e","created":"2026-04-29T11:58:14.000Z","modified":"2026-04-29T11:58:14.000Z","valid_from":"2026-04-29T11:58:14.000Z","name":"info@erreklamatu.com","description":"IOC reported by @Erreklamatu on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info@erreklamatu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Erreklamatu/status/2049458232410669170"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc8a2305-9831-501e-8758-24ade4a06fa1","created":"2026-04-29T11:58:14.000Z","modified":"2026-04-29T11:58:14.000Z","valid_from":"2026-04-29T11:58:14.000Z","name":"https://info@erreklamatu.com","description":"IOC reported by @Erreklamatu on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://info@erreklamatu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Erreklamatu/status/2049458232410669170"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--87764b42-f359-598c-aa65-e7b9c841cb21","created":"2026-04-29T12:07:00.000Z","modified":"2026-04-29T12:07:00.000Z","valid_from":"2026-04-29T12:07:00.000Z","name":"https://35.196.105.113/wp-admin/x64_v6","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://35.196.105.113/wp-admin/x64_v6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2049460649885855948"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--462d60f7-58aa-5c78-a98c-12f02f6092d6","created":"2026-04-29T12:07:00.000Z","modified":"2026-04-29T12:07:00.000Z","valid_from":"2026-04-29T12:07:00.000Z","name":"http://35.196.105.113:8000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://35.196.105.113:8000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2049460649885855948"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--81d70580-16e1-5b81-9fe7-a82716760ada","created":"2026-04-29T12:07:00.000Z","modified":"2026-04-29T12:07:00.000Z","valid_from":"2026-04-29T12:07:00.000Z","name":"35.196.105.113","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.196.105.113']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2049460649885855948"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--987e76dd-f53b-5995-89ea-49deca5cb733","created":"2026-04-29T12:08:00.000Z","modified":"2026-04-29T12:08:00.000Z","valid_from":"2026-04-29T12:08:00.000Z","name":"u.to","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'u.to']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049460843079717124"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c058cd3-a02a-5fe5-ad94-fea0a8eecd7f","created":"2026-04-29T12:08:00.000Z","modified":"2026-04-29T12:08:00.000Z","valid_from":"2026-04-29T12:08:00.000Z","name":"https://u.to/FMrdIA","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://u.to/FMrdIA']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049460843079717124"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c23b2fee-25d2-5f9f-8f55-370453da6d91","created":"2026-04-29T12:08:00.000Z","modified":"2026-04-29T12:08:00.000Z","valid_from":"2026-04-29T12:08:00.000Z","name":"186.2.165.57","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '186.2.165.57']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049460843079717124"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94195de2-03b4-5ddf-a964-89dbb40d3ee2","created":"2026-04-29T14:14:00.000Z","modified":"2026-04-29T14:14:00.000Z","valid_from":"2026-04-29T14:14:00.000Z","name":"163.61.188.2","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.61.188.2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2049492548498993629"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b335cf7e-b491-5c39-9b97-d3f6e2c4a88e","created":"2026-04-29T14:16:39.000Z","modified":"2026-04-29T14:16:39.000Z","valid_from":"2026-04-29T14:16:39.000Z","name":"check.spamhaus.org","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'check.spamhaus.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2049493067388817785"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1389c5f3-5741-5936-af28-d0e5df8c65fb","created":"2026-04-29T14:16:39.000Z","modified":"2026-04-29T14:16:39.000Z","valid_from":"2026-04-29T14:16:39.000Z","name":"https://check.spamhaus.org/results/?query=163.61.188.5","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://check.spamhaus.org/results/?query=163.61.188.5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2049493067388817785"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a042669d-2d5d-5ef8-a901-906027f8815e","created":"2026-04-29T14:16:39.000Z","modified":"2026-04-29T14:16:39.000Z","valid_from":"2026-04-29T14:16:39.000Z","name":"https://check.spamhaus.org/results/?query=163.61.188.7","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://check.spamhaus.org/results/?query=163.61.188.7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2049493067388817785"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9de4048-6415-5d2e-bd8e-3973921239aa","created":"2026-04-29T14:16:39.000Z","modified":"2026-04-29T14:16:39.000Z","valid_from":"2026-04-29T14:16:39.000Z","name":"163.61.188.5","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.61.188.5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2049493067388817785"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c25a88e-6bfa-5aa6-81f8-361f60c1545e","created":"2026-04-29T14:16:39.000Z","modified":"2026-04-29T14:16:39.000Z","valid_from":"2026-04-29T14:16:39.000Z","name":"163.61.188.7","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '163.61.188.7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2049493067388817785"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99d75203-2a3c-5c88-b8f3-8385f6d0a65c","created":"2026-04-29T14:36:00.000Z","modified":"2026-04-29T14:36:00.000Z","valid_from":"2026-04-29T14:36:00.000Z","name":"theoryviraleliminate.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'theoryviraleliminate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049498081347919982"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--429fd6f3-de3e-5967-b7b4-27281856bd68","created":"2026-04-29T14:36:00.000Z","modified":"2026-04-29T14:36:00.000Z","valid_from":"2026-04-29T14:36:00.000Z","name":"http://theoryviraleliminate.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://theoryviraleliminate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049498081347919982"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d98f523c-1615-5786-bee2-43682ba5af4e","created":"2026-04-29T15:10:00.000Z","modified":"2026-04-29T15:10:00.000Z","valid_from":"2026-04-29T15:10:00.000Z","name":"e-eslectronic.jp","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-eslectronic.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049506623148998973"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97b1e0aa-5fd8-506f-8e38-f880f0db2dd1","created":"2026-04-29T15:10:00.000Z","modified":"2026-04-29T15:10:00.000Z","valid_from":"2026-04-29T15:10:00.000Z","name":"https://e-eslectronic.jp/e/Ticket/plus/etC6Fsh5","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-eslectronic.jp/e/Ticket/plus/etC6Fsh5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049506623148998973"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b88468b0-b9a6-5827-ad0f-fd2325b96f02","created":"2026-04-29T17:49:00.000Z","modified":"2026-04-29T17:49:00.000Z","valid_from":"2026-04-29T17:49:00.000Z","name":"onlinepaperfile.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'onlinepaperfile.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2049546595520397676"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a46f3e4f-50e0-5590-80a5-b585e5e238bf","created":"2026-04-29T17:49:00.000Z","modified":"2026-04-29T17:49:00.000Z","valid_from":"2026-04-29T17:49:00.000Z","name":"http://onlinepaperfile.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://onlinepaperfile.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2049546595520397676"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b620374c-cc7f-5a6c-8800-9b1826227c70","created":"2026-04-29T17:49:00.000Z","modified":"2026-04-29T17:49:00.000Z","valid_from":"2026-04-29T17:49:00.000Z","name":"onlinepaperfiles.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'onlinepaperfiles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2049546595520397676"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7e21244-da20-503a-b529-037976216dfd","created":"2026-04-29T17:49:00.000Z","modified":"2026-04-29T17:49:00.000Z","valid_from":"2026-04-29T17:49:00.000Z","name":"http://onlinepaperfiles.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://onlinepaperfiles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2049546595520397676"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--71338ff3-a761-5e91-8f83-f3b9b1527942","created":"2026-04-29T18:00:00.000Z","modified":"2026-04-29T18:00:00.000Z","valid_from":"2026-04-29T18:00:00.000Z","name":"http://185.76.79.125","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://185.76.79.125']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2049549292755734604"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8a308bc-c1e5-54a3-bd33-bd4919a8ef5e","created":"2026-04-29T18:00:00.000Z","modified":"2026-04-29T18:00:00.000Z","valid_from":"2026-04-29T18:00:00.000Z","name":"185.76.79.125","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.76.79.125']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2049549292755734604"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--385a7cae-57dd-5dab-8762-0504c1760a69","created":"2026-04-29T18:12:10.000Z","modified":"2026-04-29T18:12:10.000Z","valid_from":"2026-04-29T18:12:10.000Z","name":"lace-wallet-aap.weebly.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lace-wallet-aap.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049552334569513276"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dccfbe77-3756-5e6b-a67b-2dfb62558beb","created":"2026-04-29T18:12:10.000Z","modified":"2026-04-29T18:12:10.000Z","valid_from":"2026-04-29T18:12:10.000Z","name":"http://lace-wallet-aap.weebly.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lace-wallet-aap.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049552334569513276"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--25146954-28ee-501f-a27f-a2404a2f0aab","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"ncodcepass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodcepass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5904008-c197-5c8c-bf82-24e8f565630c","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://ncodcepass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodcepass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92fb6265-5c94-53c7-810e-9330a4b1c5d4","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"nidloes.ncodcepass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.ncodcepass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c8adcfb-08d3-55d8-8929-ccf71390bb8a","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://nidloes.ncodcepass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.ncodcepass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3149db29-54c0-56d5-9a0f-307882a848bb","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"ncodccpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodccpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ab43a06-a58a-5d01-915c-b47211a28b38","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://ncodccpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodccpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6a638ea-9338-5ee3-945c-283db326181c","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"ncodcbpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodcbpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b24cff56-7e1a-5694-ac5c-6d768ccfcffa","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://ncodcbpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodcbpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62d233dc-217f-52b0-9f40-468cb9f2d0ad","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"ncodcapass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodcapass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c85fb4eb-3322-50b1-8c69-a8880b99b0a6","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://ncodcapass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodcapass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b3928e5-c388-5a86-8295-a91814fd85ce","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22fce9c6-921b-58d1-a937-cc871a4b8c77","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff47b6ef-e567-5bcd-b55f-a8852aef2c57","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"nid.ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85758904-9025-5d7e-99aa-176d41df111b","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://nid.ncodbspass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ncodbspass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc194fbe-578c-5d53-98b7-0aaf89d985af","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"nid.ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aaa3e7df-c72d-52b5-9491-558d089182bc","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://nid.ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93ccaa21-0353-5695-ac78-2334420d9b87","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10e4f74a-8d1a-55a4-b9d8-10cffa597e89","created":"2026-04-29T18:18:00.000Z","modified":"2026-04-29T18:18:00.000Z","valid_from":"2026-04-29T18:18:00.000Z","name":"http://ncodbzpass.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncodbzpass.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049553999653945709"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21010fb6-dfdd-5adf-8515-7ff081b1a6d1","created":"2026-04-29T18:29:00.000Z","modified":"2026-04-29T18:29:00.000Z","valid_from":"2026-04-29T18:29:00.000Z","name":"asdasdasz.cfd","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'asdasdasz.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049556634012401794"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6edafde-16b9-519d-97b7-4addfd47a1e5","created":"2026-04-29T18:29:00.000Z","modified":"2026-04-29T18:29:00.000Z","valid_from":"2026-04-29T18:29:00.000Z","name":"http://asdasdasz.cfd","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://asdasdasz.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049556634012401794"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0e02c8d-6c36-5fd5-8d69-3711268ba7b6","created":"2026-04-29T18:29:00.000Z","modified":"2026-04-29T18:29:00.000Z","valid_from":"2026-04-29T18:29:00.000Z","name":"binfinance.cfd","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binfinance.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049556634012401794"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cbd9a401-8c5f-52dc-895c-f5afd90d6d74","created":"2026-04-29T18:29:00.000Z","modified":"2026-04-29T18:29:00.000Z","valid_from":"2026-04-29T18:29:00.000Z","name":"http://binfinance.cfd","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binfinance.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049556634012401794"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e61771a1-6fd6-5c6f-93eb-8f0e6f79af81","created":"2026-04-29T18:29:00.000Z","modified":"2026-04-29T18:29:00.000Z","valid_from":"2026-04-29T18:29:00.000Z","name":"http://94.154.35.90","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.154.35.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049556634012401794"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39f686ae-9783-54b2-9e9f-6d38df9d3398","created":"2026-04-29T18:29:00.000Z","modified":"2026-04-29T18:29:00.000Z","valid_from":"2026-04-29T18:29:00.000Z","name":"94.154.35.90","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.154.35.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049556634012401794"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c86a0526-2b3a-57c1-9464-61d34125687d","created":"2026-04-29T18:36:00.000Z","modified":"2026-04-29T18:36:00.000Z","valid_from":"2026-04-29T18:36:00.000Z","name":"http://88.214.20.14/bins/tux.mips","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://88.214.20.14/bins/tux.mips']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049558462632218765"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--003cbac8-c876-5256-a7c0-aef1bb5c9f3d","created":"2026-04-29T18:36:00.000Z","modified":"2026-04-29T18:36:00.000Z","valid_from":"2026-04-29T18:36:00.000Z","name":"61.58.234.15","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '61.58.234.15']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049558462632218765"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6309dff-9fbb-513a-8e99-c410268f00ae","created":"2026-04-29T18:36:00.000Z","modified":"2026-04-29T18:36:00.000Z","valid_from":"2026-04-29T18:36:00.000Z","name":"88.214.20.14","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '88.214.20.14']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049558462632218765"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0850fd39-367c-5ffa-8862-632c8317fe0a","created":"2026-04-29T18:36:00.000Z","modified":"2026-04-29T18:36:00.000Z","valid_from":"2026-04-29T18:36:00.000Z","name":"d372cfe6854782eb1f3b2cc341187c88","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'd372cfe6854782eb1f3b2cc341187c88']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2049558462632218765"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b08b6f5-9613-5af2-a038-9352f0ec9a3c","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"clarifypost.forum","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'clarifypost.forum']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2353afc7-5d32-5357-b248-bec1ddba92b1","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://clarifypost.forum","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://clarifypost.forum']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f9c470a-b198-5b3f-b6e4-bcbea4286e09","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"k-admin-portal.quest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'k-admin-portal.quest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--418f87ac-49e3-5e66-b0cf-15f9fd87e303","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://k-admin-portal.quest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://k-admin-portal.quest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc64963f-9c43-558e-9124-4a315b2ad5b3","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"secsettingcheck.quest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'secsettingcheck.quest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d6ebedd-e211-5640-9c01-449cd239447b","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://secsettingcheck.quest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://secsettingcheck.quest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--569560d5-e95c-5d83-936c-5de3f15ce5ee","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"alarm-doc-review.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'alarm-doc-review.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9680a7a1-c258-521b-bc53-a20ff074503c","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://alarm-doc-review.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://alarm-doc-review.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f9fa4c6-b907-50d6-a91f-810f4d11e8aa","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"e-billing-service.autos","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-billing-service.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9eb248a3-20d8-57ab-8025-d71fcbd89d4c","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://e-billing-service.autos","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://e-billing-service.autos']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--de2c6238-c3b9-5350-b2a0-e80286aaedfb","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"confirm-userorder.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'confirm-userorder.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5dbe2602-84d0-55a2-ac8a-60b9dafe27f0","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://confirm-userorder.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://confirm-userorder.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dee1ba6b-ccfb-5f00-a036-0759928e22f8","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"paperless-korea.one","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paperless-korea.one']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--327317bb-b0c8-5fce-81d3-6fa33c844136","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://paperless-korea.one","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://paperless-korea.one']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--01623abc-e204-5b8b-9114-f00b9f182e10","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"checko.paperless-korea.one","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'checko.paperless-korea.one']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--faabb7cb-5d35-5e2f-bced-fe053e082caa","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://checko.paperless-korea.one","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://checko.paperless-korea.one']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae467d7f-5d18-5e6b-9b90-bdf21d8940e2","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"cdn-verifying.homes","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cdn-verifying.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8371213f-4f7c-5517-b185-6a22a84a7970","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://cdn-verifying.homes","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cdn-verifying.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--067247cf-0f0d-5c3b-b9a8-37baf6973cb0","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"http://152.32.243.169","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://152.32.243.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--61c8bf15-112a-57a6-8f6c-481feb9c7670","created":"2026-04-29T19:04:00.000Z","modified":"2026-04-29T19:04:00.000Z","valid_from":"2026-04-29T19:04:00.000Z","name":"152.32.243.169","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '152.32.243.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049565434685325594"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b4564d3-089b-5c9c-a317-71d3cae62812","created":"2026-04-29T20:09:00.000Z","modified":"2026-04-29T20:09:00.000Z","valid_from":"2026-04-29T20:09:00.000Z","name":"securedoc-photos.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'securedoc-photos.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049581740398887017"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9688d89d-ef5c-569a-a1a8-2ca58e726732","created":"2026-04-29T20:09:00.000Z","modified":"2026-04-29T20:09:00.000Z","valid_from":"2026-04-29T20:09:00.000Z","name":"http://securedoc-photos.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://securedoc-photos.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049581740398887017"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--74830495-3883-5e89-a140-b2cfa413195f","created":"2026-04-29T20:09:00.000Z","modified":"2026-04-29T20:09:00.000Z","valid_from":"2026-04-29T20:09:00.000Z","name":"eacf50d94110e59e27c80cc8b1a10632bf4d3e51d0d887937060479b402ca0d9","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'eacf50d94110e59e27c80cc8b1a10632bf4d3e51d0d887937060479b402ca0d9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049581740398887017"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--827c4eeb-27af-584c-87d2-45a5634e9f0a","created":"2026-04-29T21:59:00.000Z","modified":"2026-04-29T21:59:00.000Z","valid_from":"2026-04-29T21:59:00.000Z","name":"luxoriahub.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'luxoriahub.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049609513725222967"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3ba6d9e-8ba9-5094-98e9-8163a15a9757","created":"2026-04-29T21:59:00.000Z","modified":"2026-04-29T21:59:00.000Z","valid_from":"2026-04-29T21:59:00.000Z","name":"https://luxoriahub.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://luxoriahub.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049609513725222967"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aace74ac-1bb9-563c-b1af-c3a3f27930e5","created":"2026-04-30T01:11:00.000Z","modified":"2026-04-30T01:11:00.000Z","valid_from":"2026-04-30T01:11:00.000Z","name":"e-stat.26rni3t0.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.26rni3t0.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049657818085781664"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8519a025-b497-5403-aa13-3bf90589fc39","created":"2026-04-30T01:11:00.000Z","modified":"2026-04-30T01:11:00.000Z","valid_from":"2026-04-30T01:11:00.000Z","name":"https://e-stat.26rni3t0.shop/home","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.26rni3t0.shop/home']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049657818085781664"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d30330a-7aa7-5ad5-b9e5-0eeb8016e0c9","created":"2026-04-30T01:11:00.000Z","modified":"2026-04-30T01:11:00.000Z","valid_from":"2026-04-30T01:11:00.000Z","name":"e-stat.8mpf2yml.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.8mpf2yml.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049657818085781664"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bef64346-faa7-5a8b-8e92-212c47f55c85","created":"2026-04-30T01:11:00.000Z","modified":"2026-04-30T01:11:00.000Z","valid_from":"2026-04-30T01:11:00.000Z","name":"https://e-stat.8mpf2yml.shop/home","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.8mpf2yml.shop/home']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049657818085781664"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77993244-25ee-5c02-aa2d-d1a8a5a2f341","created":"2026-04-30T01:17:00.000Z","modified":"2026-04-30T01:17:00.000Z","valid_from":"2026-04-30T01:17:00.000Z","name":"server-restore-biglobe-ne-jp.weebly.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'server-restore-biglobe-ne-jp.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049659323278864411"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--050784e4-19d9-5a63-9a41-7a25932a7e98","created":"2026-04-30T01:17:00.000Z","modified":"2026-04-30T01:17:00.000Z","valid_from":"2026-04-30T01:17:00.000Z","name":"https://server-restore-biglobe-ne-jp.weebly.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://server-restore-biglobe-ne-jp.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049659323278864411"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3dd541ea-a37a-5291-96ab-b0d74ab75ce7","created":"2026-04-30T02:30:00.000Z","modified":"2026-04-30T02:30:00.000Z","valid_from":"2026-04-30T02:30:00.000Z","name":"116.118.47.206","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '116.118.47.206']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049677620678107196"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--181a99f3-af86-595c-9af9-7e4d303255f1","created":"2026-04-30T05:40:00.000Z","modified":"2026-04-30T05:40:00.000Z","valid_from":"2026-04-30T05:40:00.000Z","name":"91.219.238.166","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.219.238.166']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049725521005588913"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17df51f0-17e7-5d72-88b0-dcf6ad952c02","created":"2026-04-30T05:40:00.000Z","modified":"2026-04-30T05:40:00.000Z","valid_from":"2026-04-30T05:40:00.000Z","name":"176.65.132.249","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.65.132.249']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049725521005588913"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad2f1f9a-336e-51c8-a5af-d8f8c711c40f","created":"2026-04-30T05:40:00.000Z","modified":"2026-04-30T05:40:00.000Z","valid_from":"2026-04-30T05:40:00.000Z","name":"178.16.52.105","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.16.52.105']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049725521005588913"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4081e38e-394d-5088-a7b6-043f0dffabe1","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"http://91.92.243.46","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://91.92.243.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16b7e9d6-7274-532e-a606-3e9268424401","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"driplin.cyou","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'driplin.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef05abd4-d8e6-513b-ab9a-e94d77d621d3","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"http://driplin.cyou","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://driplin.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8cfadb4-c188-506d-b544-d86cda0a291c","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"pomflgf.vu","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pomflgf.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a77e2cb-0d5e-5b18-bd66-4d465cf1624b","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"http://pomflgf.vu","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pomflgf.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d0d3810-ad36-579d-b1c5-0669a80b9c3b","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"ulmudhw.shop","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ulmudhw.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--231d3ac1-d24a-5fd3-8dd5-54faf61b24fb","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"http://ulmudhw.shop","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ulmudhw.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67f1a685-e947-5e48-9ff4-d4fa340aec5d","created":"2026-04-30T05:51:00.000Z","modified":"2026-04-30T05:51:00.000Z","valid_from":"2026-04-30T05:51:00.000Z","name":"91.92.243.46","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.243.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049728280052339142"}],"labels":["LummaStealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e0b215b-70e7-514a-b8c3-ae9cbc92ac00","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"38.240.51.74","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.240.51.74']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80ab29b4-682d-51fd-8d4e-0d90dab235ab","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"38.247.130.219","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.247.130.219']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a65022b5-6542-5349-a4a6-98024bc769b7","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"45.74.61.23","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.74.61.23']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cec14329-10e2-520c-b0f0-3b13cbbdee5f","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"45.141.148.126","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.141.148.126']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf405911-d0a2-539e-b69c-a3780256cd98","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"91.92.120.68","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.120.68']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffaad417-597b-557c-9a28-d8846da54d8d","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"178.193.174.6","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.193.174.6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c400401d-2b48-5921-a8d1-6ac06b94b416","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"185.233.164.186","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.233.164.186']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df38c761-ed5a-5a00-80f3-4219ce024023","created":"2026-04-30T06:03:00.000Z","modified":"2026-04-30T06:03:00.000Z","valid_from":"2026-04-30T06:03:00.000Z","name":"203.202.232.149","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '203.202.232.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2049731413654524089"}],"labels":["RAT","Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a125e5f9-d011-5817-a730-b6f7a305ac89","created":"2026-04-30T06:07:00.000Z","modified":"2026-04-30T06:07:00.000Z","valid_from":"2026-04-30T06:07:00.000Z","name":"va.permata.bankslemansyariah.co.id","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'va.permata.bankslemansyariah.co.id']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049732366982091153"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c50741f5-3cb9-535a-ac5f-b3e02467770a","created":"2026-04-30T06:07:00.000Z","modified":"2026-04-30T06:07:00.000Z","valid_from":"2026-04-30T06:07:00.000Z","name":"https://www.va.permata.bankslemansyariah.co.id","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.va.permata.bankslemansyariah.co.id']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049732366982091153"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--079f3a25-37a3-501e-b51f-368ba3b3f2f6","created":"2026-04-30T06:07:00.000Z","modified":"2026-04-30T06:07:00.000Z","valid_from":"2026-04-30T06:07:00.000Z","name":"153.92.13.152","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '153.92.13.152']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2049732366982091153"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19dd5905-bc42-555e-8043-80e7512664b5","created":"2026-04-30T06:18:00.000Z","modified":"2026-04-30T06:18:00.000Z","valid_from":"2026-04-30T06:18:00.000Z","name":"rhythmite.cfd","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rhythmite.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049735138163200263"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0790b9c2-f66e-5b78-8f2f-91d63531fd74","created":"2026-04-30T06:18:00.000Z","modified":"2026-04-30T06:18:00.000Z","valid_from":"2026-04-30T06:18:00.000Z","name":"https://www.rhythmite.cfd/duodmqqglfugMcsjfekhdt","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.rhythmite.cfd/duodmqqglfugMcsjfekhdt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049735138163200263"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56372510-1633-593b-9668-4217b2fa2b39","created":"2026-04-30T07:07:00.000Z","modified":"2026-04-30T07:07:00.000Z","valid_from":"2026-04-30T07:07:00.000Z","name":"http://45.150.66.241","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.150.66.241']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049747425431081322"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--efcd2f04-4b58-5e4a-a058-abfa037dffd5","created":"2026-04-30T07:07:00.000Z","modified":"2026-04-30T07:07:00.000Z","valid_from":"2026-04-30T07:07:00.000Z","name":"45.150.66.241","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.150.66.241']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049747425431081322"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5e2128a-1fd4-5e2a-b20b-9a980017a8cf","created":"2026-04-30T07:36:00.000Z","modified":"2026-04-30T07:36:00.000Z","valid_from":"2026-04-30T07:36:00.000Z","name":"e-stat.e3ed5msd.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.e3ed5msd.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049754658357600647"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34960a83-294d-5bcc-b025-feb0f6c9619e","created":"2026-04-30T07:36:00.000Z","modified":"2026-04-30T07:36:00.000Z","valid_from":"2026-04-30T07:36:00.000Z","name":"https://e-stat.e3ed5msd.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.e3ed5msd.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049754658357600647"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ceb0bb6-6314-5df2-80c4-8bc50bbf8a5c","created":"2026-04-30T07:36:00.000Z","modified":"2026-04-30T07:36:00.000Z","valid_from":"2026-04-30T07:36:00.000Z","name":"https://e-stat.8mpf2yml.shop/oo6z309q","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.8mpf2yml.shop/oo6z309q']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2049754658357600647"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--289b1b4c-685b-554d-972f-1481988d06ba","created":"2026-04-30T08:35:17.000Z","modified":"2026-04-30T08:35:17.000Z","valid_from":"2026-04-30T08:35:17.000Z","name":"http://185.29.10.77/VbnpIdAHD29.bin","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://185.29.10.77/VbnpIdAHD29.bin']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2049769546609832080"}],"labels":["AgentTesla"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c89673d-f63d-5926-8d33-00bf6561628f","created":"2026-04-30T08:35:17.000Z","modified":"2026-04-30T08:35:17.000Z","valid_from":"2026-04-30T08:35:17.000Z","name":"185.29.10.77","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.29.10.77']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2049769546609832080"}],"labels":["AgentTesla"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4cc75b42-2990-5ff8-ae6b-f24096232567","created":"2026-04-30T08:36:00.000Z","modified":"2026-04-30T08:36:00.000Z","valid_from":"2026-04-30T08:36:00.000Z","name":"1da4f7f001d239a54fab50eb7c3cbc985db392a3d4405e19c3a5d2035d591004","description":"IOC reported by @nextronresearch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '1da4f7f001d239a54fab50eb7c3cbc985db392a3d4405e19c3a5d2035d591004']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nextronresearch/status/2049769824952148131"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ba79604-e742-5357-8ad6-93d73869f8d6","created":"2026-04-30T08:44:00.000Z","modified":"2026-04-30T08:44:00.000Z","valid_from":"2026-04-30T08:44:00.000Z","name":"192.229.87.227","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.229.87.227']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049771804743614790"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41cdc469-7f66-574d-931f-4bcc510daab1","created":"2026-04-30T09:00:00.000Z","modified":"2026-04-30T09:00:00.000Z","valid_from":"2026-04-30T09:00:00.000Z","name":"5fc61384dd6f15e6bb510e0421000c1301a40d7acf05cedbeb6bc789c0a99d00","description":"IOC reported by @nextronresearch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5fc61384dd6f15e6bb510e0421000c1301a40d7acf05cedbeb6bc789c0a99d00']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nextronresearch/status/2049775774027124938"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4557d943-6e94-562b-9ff5-7ec804e439f1","created":"2026-04-30T09:07:00.000Z","modified":"2026-04-30T09:07:00.000Z","valid_from":"2026-04-30T09:07:00.000Z","name":"185.102.115.84","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.102.115.84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049777575980118322"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d68509b-b4d7-5523-bc4c-a2f08165397b","created":"2026-04-30T09:07:00.000Z","modified":"2026-04-30T09:07:00.000Z","valid_from":"2026-04-30T09:07:00.000Z","name":"3b9bbec828c3c3bde9f909fd785953629a88de4bbdcf338fa9ed92973ca212df","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '3b9bbec828c3c3bde9f909fd785953629a88de4bbdcf338fa9ed92973ca212df']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049777575980118322"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c372d24a-d554-502c-90dd-8f5329ea05b1","created":"2026-04-30T09:07:00.000Z","modified":"2026-04-30T09:07:00.000Z","valid_from":"2026-04-30T09:07:00.000Z","name":"e06e46d24342407c6b491440b33a7d68c5424c5e92c07906488389d347bdf8db","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e06e46d24342407c6b491440b33a7d68c5424c5e92c07906488389d347bdf8db']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049777575980118322"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6f8e03f-86ce-5307-9839-9cce8ebbd314","created":"2026-04-30T09:08:00.000Z","modified":"2026-04-30T09:08:00.000Z","valid_from":"2026-04-30T09:08:00.000Z","name":"oilorigin.cfd","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'oilorigin.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049777983947514020"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0399fdd-8e60-5089-9ffc-c15226d986a6","created":"2026-04-30T09:08:00.000Z","modified":"2026-04-30T09:08:00.000Z","valid_from":"2026-04-30T09:08:00.000Z","name":"https://www.oilorigin.cfd/qgidteclapbsMnhhpcrrvt","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.oilorigin.cfd/qgidteclapbsMnhhpcrrvt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049777983947514020"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6dce45f-6813-59f1-916c-152f210eea0d","created":"2026-04-30T09:08:00.000Z","modified":"2026-04-30T09:08:00.000Z","valid_from":"2026-04-30T09:08:00.000Z","name":"https://www.rhythmite.cfd/alidsesglnzuMuxypptgtt","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.rhythmite.cfd/alidsesglnzuMuxypptgtt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049777983947514020"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81c07a04-ae84-54ca-8f28-5a2b2b15ed77","created":"2026-04-30T09:10:00.000Z","modified":"2026-04-30T09:10:00.000Z","valid_from":"2026-04-30T09:10:00.000Z","name":"kunden-accounts-dkb.ddns.info","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kunden-accounts-dkb.ddns.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049778430892183767"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7eeb3c9-fa07-5673-99cb-a17e10a2c626","created":"2026-04-30T09:10:00.000Z","modified":"2026-04-30T09:10:00.000Z","valid_from":"2026-04-30T09:10:00.000Z","name":"http://kunden-accounts-dkb.ddns.info","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kunden-accounts-dkb.ddns.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2049778430892183767"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fc20c4b-1f62-53e2-a17d-7058f240a275","created":"2026-04-30T09:31:00.000Z","modified":"2026-04-30T09:31:00.000Z","valid_from":"2026-04-30T09:31:00.000Z","name":"209.99.184.44","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '209.99.184.44']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049783567618912741"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b190aa6-730a-5a0d-beea-f36fe3f7f987","created":"2026-04-30T10:33:00.000Z","modified":"2026-04-30T10:33:00.000Z","valid_from":"2026-04-30T10:33:00.000Z","name":"73a0f53968477f796f87a9fbd825ad41e204b246a3cd293460d79a9c56daa210","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '73a0f53968477f796f87a9fbd825ad41e204b246a3cd293460d79a9c56daa210']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2049799170320687111"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--980fdc1f-cc46-595a-b147-8e9bb4203b20","created":"2026-04-30T11:01:00.000Z","modified":"2026-04-30T11:01:00.000Z","valid_from":"2026-04-30T11:01:00.000Z","name":"e3db497158afe3307a90ab2b1aaf40e9cbc76374a837d876fbe7eb3b02518e8b","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e3db497158afe3307a90ab2b1aaf40e9cbc76374a837d876fbe7eb3b02518e8b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2049806355435782537"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9227b57f-eac5-57dd-9852-a0aaec8cd7e5","created":"2026-04-30T11:01:00.000Z","modified":"2026-04-30T11:01:00.000Z","valid_from":"2026-04-30T11:01:00.000Z","name":"e375467b0f62e04c62c73564f61fd4fbaf664cdfb2fbdf3edc75a1d6454ac40e","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e375467b0f62e04c62c73564f61fd4fbaf664cdfb2fbdf3edc75a1d6454ac40e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2049806355435782537"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--155982b6-c7ca-56fb-918e-362b502be819","created":"2026-04-30T12:22:00.000Z","modified":"2026-04-30T12:22:00.000Z","valid_from":"2026-04-30T12:22:00.000Z","name":"ftp.abcebikes.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ftp.abcebikes.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049826752688456080"}],"labels":["AgentTesla"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4004a27-1092-5242-b40b-c34aa0884217","created":"2026-04-30T12:22:00.000Z","modified":"2026-04-30T12:22:00.000Z","valid_from":"2026-04-30T12:22:00.000Z","name":"ftp://ftp.abcebikes.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'ftp://ftp.abcebikes.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2049826752688456080"}],"labels":["AgentTesla"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fcf50b00-8dfe-51e7-b239-42c2b132c636","created":"2026-04-30T12:44:51.000Z","modified":"2026-04-30T12:44:51.000Z","valid_from":"2026-04-30T12:44:51.000Z","name":"http://193.58.122.24","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.58.122.24']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2049832350817624516"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6571eeb7-2bed-5511-b1eb-a0bfe4067e0b","created":"2026-04-30T12:44:51.000Z","modified":"2026-04-30T12:44:51.000Z","valid_from":"2026-04-30T12:44:51.000Z","name":"http://144.31.165.219","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.31.165.219']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2049832350817624516"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3f415aa-6c92-5a33-b716-184b27129f45","created":"2026-04-30T12:44:51.000Z","modified":"2026-04-30T12:44:51.000Z","valid_from":"2026-04-30T12:44:51.000Z","name":"http://144.31.165.210","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.31.165.210']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2049832350817624516"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--84b9c5e4-bc15-5966-9d0c-03e5b2fa367d","created":"2026-04-30T12:44:51.000Z","modified":"2026-04-30T12:44:51.000Z","valid_from":"2026-04-30T12:44:51.000Z","name":"193.58.122.24","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.58.122.24']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2049832350817624516"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--390e480c-5387-5700-b8e2-c88bcf6ac0cd","created":"2026-04-30T12:44:51.000Z","modified":"2026-04-30T12:44:51.000Z","valid_from":"2026-04-30T12:44:51.000Z","name":"144.31.165.219","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.31.165.219']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2049832350817624516"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9777435a-2ece-5d84-ad24-2f0dacb3abee","created":"2026-04-30T12:44:51.000Z","modified":"2026-04-30T12:44:51.000Z","valid_from":"2026-04-30T12:44:51.000Z","name":"144.31.165.210","description":"IOC reported by @ViriBack on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.31.165.210']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ViriBack/status/2049832350817624516"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c56c5e53-f933-5525-8a1d-493fe9771d91","created":"2026-04-30T13:18:00.000Z","modified":"2026-04-30T13:18:00.000Z","valid_from":"2026-04-30T13:18:00.000Z","name":"a793c1a77afeb7d85ee525d6333339e40e2fec841a9d79d87d02524cf9034909","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a793c1a77afeb7d85ee525d6333339e40e2fec841a9d79d87d02524cf9034909']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2049840780060115265"}],"labels":["Rhadamanthys"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9609d153-b6ad-534b-a7e7-a7dcf72e75da","created":"2026-04-30T13:20:00.000Z","modified":"2026-04-30T13:20:00.000Z","valid_from":"2026-04-30T13:20:00.000Z","name":"wordpress-1617813-6377570.cloudwaysapps.com","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wordpress-1617813-6377570.cloudwaysapps.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2049841222022254881"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfa827d8-de5f-5770-a32c-1fc879a18c00","created":"2026-04-30T13:20:00.000Z","modified":"2026-04-30T13:20:00.000Z","valid_from":"2026-04-30T13:20:00.000Z","name":"https://wordpress-1617813-6377570.cloudwaysapps.com/PAGI/au","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wordpress-1617813-6377570.cloudwaysapps.com/PAGI/au']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2049841222022254881"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a60e5c39-d4b2-56b7-99c9-959a7e12e414","created":"2026-04-30T14:40:00.000Z","modified":"2026-04-30T14:40:00.000Z","valid_from":"2026-04-30T14:40:00.000Z","name":"autos-gateway-enhanced-governor.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'autos-gateway-enhanced-governor.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049861452186472895"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0daaa5cc-250b-52e0-972c-1d5de227542b","created":"2026-04-30T14:40:00.000Z","modified":"2026-04-30T14:40:00.000Z","valid_from":"2026-04-30T14:40:00.000Z","name":"http://autos-gateway-enhanced-governor.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://autos-gateway-enhanced-governor.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2049861452186472895"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--302901d3-4e7e-5468-adcf-250e68476240","created":"2026-04-30T15:10:00.000Z","modified":"2026-04-30T15:10:00.000Z","valid_from":"2026-04-30T15:10:00.000Z","name":"web.mufgbkjp.com","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'web.mufgbkjp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2049868968803119210"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fa4fd27-08d9-5bd8-8c8e-d3a1eda8c08c","created":"2026-04-30T15:10:00.000Z","modified":"2026-04-30T15:10:00.000Z","valid_from":"2026-04-30T15:10:00.000Z","name":"https://web.mufgbkjp.com","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://web.mufgbkjp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2049868968803119210"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--414fbb8b-e68f-5191-a2ea-8711d06d592e","created":"2026-04-30T15:10:00.000Z","modified":"2026-04-30T15:10:00.000Z","valid_from":"2026-04-30T15:10:00.000Z","name":"175.41.25.174","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '175.41.25.174']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2049868968803119210"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7550a09d-a857-5061-a0b4-186475990380","created":"2026-04-30T18:45:48.000Z","modified":"2026-04-30T18:45:48.000Z","valid_from":"2026-04-30T18:45:48.000Z","name":"amaisromao.com.br","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'amaisromao.com.br']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049923187933130970"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fab45b8-5404-50da-988e-3b9ec080898c","created":"2026-04-30T18:45:48.000Z","modified":"2026-04-30T18:45:48.000Z","valid_from":"2026-04-30T18:45:48.000Z","name":"https://amaisromao.com.br/ika/complete.php","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://amaisromao.com.br/ika/complete.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049923187933130970"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdc90adc-22a1-5fff-93af-da9dedfdac35","created":"2026-04-30T18:51:00.000Z","modified":"2026-04-30T18:51:00.000Z","valid_from":"2026-04-30T18:51:00.000Z","name":"inlinepol4s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol4s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--381f83dc-da05-541c-bae2-1516c69fcf1c","created":"2026-04-30T18:51:00.000Z","modified":"2026-04-30T18:51:00.000Z","valid_from":"2026-04-30T18:51:00.000Z","name":"http://inlinepol4s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol4s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e3e8e5f-4c4a-5f13-9a3e-254cbcaf550e","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"newpolinf9s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf9s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e491c36-f49e-5418-ba08-829dce981e80","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://newpolinf9s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf9s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e748aa77-6c7c-5e02-b3e9-a46aea11166e","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"emspol4s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol4s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e96bff0b-25da-5e7e-8981-222bf354b299","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://emspol4s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol4s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--efdbaeb1-952c-5428-ab73-0e5f84cbf213","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"docinfo.ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d52e039b-f33e-5a21-a3bd-b887c99e1036","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://docinfo.ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4bd45f7-bce0-5a78-b87e-18fa6fcff329","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"ntdepchk65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f4a27bf-53d5-57c3-9baa-4d3369f77d33","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://ntdepchk65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf926598-5c73-5c0e-95b1-c4b056f3c352","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83b393fa-755e-51b7-9b4a-efd6abe351b4","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b39d9984-f356-5ce0-a90f-485d1bd4a76c","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"ntdepchk17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e5fc240-ff84-540b-8592-6fcab818c248","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://ntdepchk17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43ba2ca1-a2f7-5752-a746-15025fbf1dd0","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"nhpolercm6v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm6v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20dd6773-49fa-5cb8-910f-dfbf106c5477","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://nhpolercm6v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm6v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5432e9f7-7711-582d-aeaa-ecb557a6fde3","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"nmethodsrc15v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmethodsrc15v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--764c5464-1bd2-585d-85ca-7bcd6a11658a","created":"2026-04-30T18:51:12.000Z","modified":"2026-04-30T18:51:12.000Z","valid_from":"2026-04-30T18:51:12.000Z","name":"http://nmethodsrc15v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nmethodsrc15v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3361aa00-9dfc-55bc-9a34-ba34222405f7","created":"2026-04-30T20:06:40.000Z","modified":"2026-04-30T20:06:40.000Z","valid_from":"2026-04-30T20:06:40.000Z","name":"a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049943537936994453"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c4e8eea-1529-5121-a7fc-67b9a1a128d4","created":"2026-04-30T21:16:00.000Z","modified":"2026-04-30T21:16:00.000Z","valid_from":"2026-04-30T21:16:00.000Z","name":"http://105.119.41.0","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://105.119.41.0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049961066994471238"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f533fcdf-6a57-5105-bf06-a4caea80e0ae","created":"2026-04-30T22:37:00.000Z","modified":"2026-04-30T22:37:00.000Z","valid_from":"2026-04-30T22:37:00.000Z","name":"784d9273c75e983f2b4730d1f2198cc44e9599709f4a5519a2bd3049095dc9d5","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '784d9273c75e983f2b4730d1f2198cc44e9599709f4a5519a2bd3049095dc9d5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2049981598288969754"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84092740-b6f2-52e1-9a87-875251488d21","created":"2026-04-30T22:49:00.000Z","modified":"2026-04-30T22:49:00.000Z","valid_from":"2026-04-30T22:49:00.000Z","name":"dai-iichi-lifei.co.jp.geraiqawti.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dai-iichi-lifei.co.jp.geraiqawti.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049984555831198075"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--328b5cc4-b553-5052-874d-c5d16bec6650","created":"2026-04-30T22:49:00.000Z","modified":"2026-04-30T22:49:00.000Z","valid_from":"2026-04-30T22:49:00.000Z","name":"https://dai-iichi-lifei.co.jp.geraiqawti.com/legal/keiei/success/index_html","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dai-iichi-lifei.co.jp.geraiqawti.com/legal/keiei/success/index_html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049984555831198075"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4088ca94-2f70-5417-b71b-34324cbddca9","created":"2026-04-30T22:49:00.000Z","modified":"2026-04-30T22:49:00.000Z","valid_from":"2026-04-30T22:49:00.000Z","name":"dai-iichi-lifei.co.jp.loiaseuise.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dai-iichi-lifei.co.jp.loiaseuise.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049984555831198075"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41613ac1-06e8-5caa-866a-68ceecc7e9e9","created":"2026-04-30T22:49:00.000Z","modified":"2026-04-30T22:49:00.000Z","valid_from":"2026-04-30T22:49:00.000Z","name":"https://dai-iichi-lifei.co.jp.loiaseuise.com/legal/keiei/success/index_html","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dai-iichi-lifei.co.jp.loiaseuise.com/legal/keiei/success/index_html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2049984555831198075"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19c99b31-2878-5f98-a04e-eb6e277b0c31","created":"2026-05-01T02:47:00.000Z","modified":"2026-05-01T02:47:00.000Z","valid_from":"2026-05-01T02:47:00.000Z","name":"nedabaci.z4.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nedabaci.z4.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050044303926505846"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--26b66ae6-3c49-565b-b7ab-cacd0227c089","created":"2026-05-01T02:47:00.000Z","modified":"2026-05-01T02:47:00.000Z","valid_from":"2026-05-01T02:47:00.000Z","name":"https://nedabaci.z4.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nedabaci.z4.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050044303926505846"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ba00b9f-20a0-5cf0-a7be-1a9853ec70b5","created":"2026-05-01T04:07:22.000Z","modified":"2026-05-01T04:07:22.000Z","valid_from":"2026-05-01T04:07:22.000Z","name":"creassociates.us","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'creassociates.us']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2050064510095118705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f5b66f6-07e9-5025-bee6-e40c3a046fb1","created":"2026-05-01T04:07:22.000Z","modified":"2026-05-01T04:07:22.000Z","valid_from":"2026-05-01T04:07:22.000Z","name":"https://www.creassociates.us/ssa","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.creassociates.us/ssa']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2050064510095118705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93f561e3-1252-5a08-8ea7-5273933a015e","created":"2026-05-01T06:31:00.000Z","modified":"2026-05-01T06:31:00.000Z","valid_from":"2026-05-01T06:31:00.000Z","name":"e-stat.f58vo5v9.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.f58vo5v9.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050100796789031128"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--588412a1-f8e7-526e-b801-f56389cb4a72","created":"2026-05-01T06:31:00.000Z","modified":"2026-05-01T06:31:00.000Z","valid_from":"2026-05-01T06:31:00.000Z","name":"https://e-stat.f58vo5v9.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.f58vo5v9.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050100796789031128"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43966fe5-de94-595a-af61-0264a781b677","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"e-stat.26mwt3v0.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.26mwt3v0.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc44c9ce-af59-5b50-a31b-a5e4aa99f665","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"https://e-stat.26mwt3v0.shop/2xj3nsrm","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.26mwt3v0.shop/2xj3nsrm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d30330a-7aa7-5ad5-b9e5-0eeb8016e0c9","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"e-stat.8mpf2yml.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.8mpf2yml.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ceb0bb6-6314-5df2-80c4-8bc50bbf8a5c","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"https://e-stat.8mpf2yml.shop/oo6z309q","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.8mpf2yml.shop/oo6z309q']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35d95a92-8892-5c9b-ba20-3ef66f038b8d","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"e-stat.9g4icuky.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.9g4icuky.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50c41b0a-17f3-5cce-bf55-33891b7702e7","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"https://e-stat.9g4icuky.shop/oo6z309q","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.9g4icuky.shop/oo6z309q']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aace74ac-1bb9-563c-b1af-c3a3f27930e5","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"e-stat.26rni3t0.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.26rni3t0.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e538d79-621d-55d9-82dc-d1943d23b861","created":"2026-05-01T06:47:00.000Z","modified":"2026-05-01T06:47:00.000Z","valid_from":"2026-05-01T06:47:00.000Z","name":"https://e-stat.26rni3t0.shop/2xj3nsrm","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.26rni3t0.shop/2xj3nsrm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050104822515564575"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eecb7a80-c379-550c-81f9-62d27184bc04","created":"2026-05-01T07:10:00.000Z","modified":"2026-05-01T07:10:00.000Z","valid_from":"2026-05-01T07:10:00.000Z","name":"eva-dmc4.halfmoon.jp","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eva-dmc4.halfmoon.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050110480988213610"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a307621a-694c-5c18-ad0a-d952d15489b5","created":"2026-05-01T07:10:00.000Z","modified":"2026-05-01T07:10:00.000Z","valid_from":"2026-05-01T07:10:00.000Z","name":"http://eva-dmc4.halfmoon.jp/eva-dmc4/cutlinks/rank.php?url=","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eva-dmc4.halfmoon.jp/eva-dmc4/cutlinks/rank.php?url=']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050110480988213610"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fbea6ea-507b-52d5-bb41-ff7fbe439873","created":"2026-05-01T07:53:00.000Z","modified":"2026-05-01T07:53:00.000Z","valid_from":"2026-05-01T07:53:00.000Z","name":"dce129d76376530da2eb46a61574675b","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'dce129d76376530da2eb46a61574675b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2050121536791790020"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ac0f1a8-4157-5470-8d90-45d416827382","created":"2026-05-01T08:28:00.000Z","modified":"2026-05-01T08:28:00.000Z","valid_from":"2026-05-01T08:28:00.000Z","name":"reliable-queijadas.netlify.app","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'reliable-queijadas.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050130180778410354"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c64a8c8-d8bd-5651-aa1d-5e9b7fb6c1e3","created":"2026-05-01T08:28:00.000Z","modified":"2026-05-01T08:28:00.000Z","valid_from":"2026-05-01T08:28:00.000Z","name":"http://reliable-queijadas.netlify.app","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://reliable-queijadas.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050130180778410354"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ed2ac60-7103-5519-bd8a-33efedf0aa6f","created":"2026-05-01T08:28:00.000Z","modified":"2026-05-01T08:28:00.000Z","valid_from":"2026-05-01T08:28:00.000Z","name":"http://reliable-queijadas.netlify.app/1st.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://reliable-queijadas.netlify.app/1st.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050130180778410354"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31928e33-c0cf-5479-bf53-a47978fe0a03","created":"2026-05-01T09:20:30.000Z","modified":"2026-05-01T09:20:30.000Z","valid_from":"2026-05-01T09:20:30.000Z","name":"229a945794ad056001982803a6a58a8c","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '229a945794ad056001982803a6a58a8c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050143313093664849"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f2d21cb-dbf2-5efc-b0b3-58f01c21f145","created":"2026-05-01T09:22:00.000Z","modified":"2026-05-01T09:22:00.000Z","valid_from":"2026-05-01T09:22:00.000Z","name":"windowsupdate.sh","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'windowsupdate.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2050143909209317439"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1195250a-d063-5cb7-a438-83ffeea83419","created":"2026-05-01T09:22:00.000Z","modified":"2026-05-01T09:22:00.000Z","valid_from":"2026-05-01T09:22:00.000Z","name":"http://windowsupdate.sh:18888/sub_shell.py","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://windowsupdate.sh:18888/sub_shell.py']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2050143909209317439"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--337d83c7-9759-5b87-bcb3-26face8574cf","created":"2026-05-01T09:22:00.000Z","modified":"2026-05-01T09:22:00.000Z","valid_from":"2026-05-01T09:22:00.000Z","name":"154.18.187.239","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '154.18.187.239']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2050143909209317439"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce647a68-535d-503c-82d1-74480cb8bea9","created":"2026-05-01T09:46:00.000Z","modified":"2026-05-01T09:46:00.000Z","valid_from":"2026-05-01T09:46:00.000Z","name":"172.94.9.250","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '172.94.9.250']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2050149887099166925"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a4ac2f2-0743-5a4f-9360-56c98a753d0b","created":"2026-05-01T09:46:00.000Z","modified":"2026-05-01T09:46:00.000Z","valid_from":"2026-05-01T09:46:00.000Z","name":"0671651cc75808d90f9177fad493ec53","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '0671651cc75808d90f9177fad493ec53']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2050149887099166925"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc4c10b9-8332-5cf5-832d-8494c40d8a52","created":"2026-05-01T09:52:37.000Z","modified":"2026-05-01T09:52:37.000Z","valid_from":"2026-05-01T09:52:37.000Z","name":"8888.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '8888.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050151395370672170"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--58d4241f-35ae-51df-840d-38877bd52406","created":"2026-05-01T09:52:37.000Z","modified":"2026-05-01T09:52:37.000Z","valid_from":"2026-05-01T09:52:37.000Z","name":"http://8888.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8888.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050151395370672170"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c083b62-eb04-5b54-a123-4705c185fea8","created":"2026-05-01T10:00:00.000Z","modified":"2026-05-01T10:00:00.000Z","valid_from":"2026-05-01T10:00:00.000Z","name":"dpdlocajs.shop","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dpdlocajs.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050153362759324057"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a976644-c925-5b86-b3ef-410fdb970ee6","created":"2026-05-01T10:00:00.000Z","modified":"2026-05-01T10:00:00.000Z","valid_from":"2026-05-01T10:00:00.000Z","name":"https://www.dpdlocajs.shop/com/","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.dpdlocajs.shop/com/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050153362759324057"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccba281d-84dd-5866-aa4c-59e99d0eeb8d","created":"2026-05-01T10:00:00.000Z","modified":"2026-05-01T10:00:00.000Z","valid_from":"2026-05-01T10:00:00.000Z","name":"43.133.55.35","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.133.55.35']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050153362759324057"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c68e0ad-921e-5f75-860e-be228d35e200","created":"2026-05-01T10:20:43.000Z","modified":"2026-05-01T10:20:43.000Z","valid_from":"2026-05-01T10:20:43.000Z","name":"hebsbsbzjsjshduxbs.xyz","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hebsbsbzjsjshduxbs.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2050158465805607301"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9a23365-5dab-5dfb-a3e8-218f3e66c34c","created":"2026-05-01T10:20:43.000Z","modified":"2026-05-01T10:20:43.000Z","valid_from":"2026-05-01T10:20:43.000Z","name":"http://hebsbsbzjsjshduxbs.xyz","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hebsbsbzjsjshduxbs.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2050158465805607301"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fe24762-78ec-5832-94ac-ad372dd29623","created":"2026-05-01T10:20:43.000Z","modified":"2026-05-01T10:20:43.000Z","valid_from":"2026-05-01T10:20:43.000Z","name":"199449965acb7ab2ce7d45b70729c784","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '199449965acb7ab2ce7d45b70729c784']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2050158465805607301"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d329d069-9fde-5479-9eee-c74852ece95a","created":"2026-05-01T12:45:00.000Z","modified":"2026-05-01T12:45:00.000Z","valid_from":"2026-05-01T12:45:00.000Z","name":"http://205.237.106.117","description":"IOC reported by @adversarialy on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://205.237.106.117']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/adversarialy/status/2050194983278313501"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7e6befe-cae7-5392-bc36-67a34d3d42a7","created":"2026-05-01T12:45:00.000Z","modified":"2026-05-01T12:45:00.000Z","valid_from":"2026-05-01T12:45:00.000Z","name":"205.237.106.117","description":"IOC reported by @adversarialy on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '205.237.106.117']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/adversarialy/status/2050194983278313501"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--67424e67-f4e2-5f8f-a032-c20299fc82ac","created":"2026-05-01T12:47:00.000Z","modified":"2026-05-01T12:47:00.000Z","valid_from":"2026-05-01T12:47:00.000Z","name":"http://92.88.98.199/GuruITDDoS/RpcSecurity.x86_64","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://92.88.98.199/GuruITDDoS/RpcSecurity.x86_64']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2050195448544034820"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7bf0330-f45f-590c-a91b-659bf9f99849","created":"2026-05-01T12:47:00.000Z","modified":"2026-05-01T12:47:00.000Z","valid_from":"2026-05-01T12:47:00.000Z","name":"62.171.169.207","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '62.171.169.207']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2050195448544034820"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--42635fdb-a5ad-5681-836a-f29a3983957d","created":"2026-05-01T12:47:00.000Z","modified":"2026-05-01T12:47:00.000Z","valid_from":"2026-05-01T12:47:00.000Z","name":"92.88.98.199","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '92.88.98.199']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2050195448544034820"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a7816a6-c786-5d51-891c-eb069f01f1e9","created":"2026-05-01T12:47:00.000Z","modified":"2026-05-01T12:47:00.000Z","valid_from":"2026-05-01T12:47:00.000Z","name":"6a7a32cee9c2dcd46784a93edc339c0e","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '6a7a32cee9c2dcd46784a93edc339c0e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2050195448544034820"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--31b94bbb-a2f2-523b-a10c-1b4396d393a9","created":"2026-05-01T12:48:00.000Z","modified":"2026-05-01T12:48:00.000Z","valid_from":"2026-05-01T12:48:00.000Z","name":"xlabslover.lol","description":"IOC reported by @TuringAlex on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xlabslover.lol']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TuringAlex/status/2050195660285391332"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eeb352fb-ae3a-5fb6-a0e0-31e3dcbf96db","created":"2026-05-01T12:48:00.000Z","modified":"2026-05-01T12:48:00.000Z","valid_from":"2026-05-01T12:48:00.000Z","name":"http://xlabslover.lol","description":"IOC reported by @TuringAlex on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xlabslover.lol']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TuringAlex/status/2050195660285391332"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3cd7070c-36b7-5b2c-b2a4-4f59fc479eac","created":"2026-05-01T14:12:38.000Z","modified":"2026-05-01T14:12:38.000Z","valid_from":"2026-05-01T14:12:38.000Z","name":"43.1.1.1","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.1.1.1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050216833681404140"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2db3e89-4247-5758-a79d-19905f300d7c","created":"2026-05-01T14:27:00.000Z","modified":"2026-05-01T14:27:00.000Z","valid_from":"2026-05-01T14:27:00.000Z","name":"https://213.202.211.231","description":"IOC reported by @TeamDreier on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://213.202.211.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TeamDreier/status/2050220625063559286"}],"labels":["Evilginx"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8c2e7bc-bc58-5e50-8428-8875bd3e9ea1","created":"2026-05-01T14:27:00.000Z","modified":"2026-05-01T14:27:00.000Z","valid_from":"2026-05-01T14:27:00.000Z","name":"213.202.211.231","description":"IOC reported by @TeamDreier on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '213.202.211.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/TeamDreier/status/2050220625063559286"}],"labels":["Evilginx"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b53435c-4090-5a6d-986b-595bee11f666","created":"2026-05-01T14:47:00.000Z","modified":"2026-05-01T14:47:00.000Z","valid_from":"2026-05-01T14:47:00.000Z","name":"api.drazyland.us","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.drazyland.us']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050225617069633840"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f28ece9a-b13d-57ce-82b8-3a7f0ccda56e","created":"2026-05-01T14:47:00.000Z","modified":"2026-05-01T14:47:00.000Z","valid_from":"2026-05-01T14:47:00.000Z","name":"https://api.drazyland.us/cdn/java-7byA72.exe","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://api.drazyland.us/cdn/java-7byA72.exe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050225617069633840"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b01f28a-2a1b-55c2-ac45-4ae8885fb958","created":"2026-05-01T14:53:00.000Z","modified":"2026-05-01T14:53:00.000Z","valid_from":"2026-05-01T14:53:00.000Z","name":"http://85.239.144.105/controlld","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://85.239.144.105/controlld']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050227237236961290"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef74b7b0-a903-5b12-aa6d-4d56b75f7e2e","created":"2026-05-01T14:53:00.000Z","modified":"2026-05-01T14:53:00.000Z","valid_from":"2026-05-01T14:53:00.000Z","name":"http://176.65.144.30","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://176.65.144.30']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050227237236961290"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e607369f-52a9-5f53-8240-69b5ec6d333a","created":"2026-05-01T14:53:00.000Z","modified":"2026-05-01T14:53:00.000Z","valid_from":"2026-05-01T14:53:00.000Z","name":"85.239.144.105","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.239.144.105']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050227237236961290"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0b03898-92e2-57d0-b18f-83651c1c9ff9","created":"2026-05-01T14:53:00.000Z","modified":"2026-05-01T14:53:00.000Z","valid_from":"2026-05-01T14:53:00.000Z","name":"176.65.144.30","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.65.144.30']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050227237236961290"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--876cc7e0-2412-55a9-8b6b-4b49e13d4198","created":"2026-05-01T14:58:00.000Z","modified":"2026-05-01T14:58:00.000Z","valid_from":"2026-05-01T14:58:00.000Z","name":"svnegociosappempresa.duckdns.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'svnegociosappempresa.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050228268184354916"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d8440d9-220f-5b9f-af6b-2993730f319c","created":"2026-05-01T14:58:00.000Z","modified":"2026-05-01T14:58:00.000Z","valid_from":"2026-05-01T14:58:00.000Z","name":"http://svnegociosappempresa.duckdns.org:5045","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://svnegociosappempresa.duckdns.org:5045']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050228268184354916"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--783ff74b-83ad-513a-9d2d-9e43168bc06a","created":"2026-05-01T15:05:00.000Z","modified":"2026-05-01T15:05:00.000Z","valid_from":"2026-05-01T15:05:00.000Z","name":"ns1.controlpanel.sbs","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ns1.controlpanel.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2050230209748652254"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb9956a8-f449-56d3-b762-41fe9446e981","created":"2026-05-01T15:05:00.000Z","modified":"2026-05-01T15:05:00.000Z","valid_from":"2026-05-01T15:05:00.000Z","name":"http://ns1.controlpanel.sbs","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ns1.controlpanel.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2050230209748652254"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6db145f-cb31-5b21-8bba-9922b4418359","created":"2026-05-01T15:05:00.000Z","modified":"2026-05-01T15:05:00.000Z","valid_from":"2026-05-01T15:05:00.000Z","name":"riverstonetrusts.icu","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'riverstonetrusts.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2050230209748652254"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4d43444-cbec-5e01-9c53-7067f2e73301","created":"2026-05-01T15:05:00.000Z","modified":"2026-05-01T15:05:00.000Z","valid_from":"2026-05-01T15:05:00.000Z","name":"http://riverstonetrusts.icu","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://riverstonetrusts.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2050230209748652254"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f538f5c3-cb27-572c-9a7e-a8654670d6fc","created":"2026-05-01T15:28:00.000Z","modified":"2026-05-01T15:28:00.000Z","valid_from":"2026-05-01T15:28:00.000Z","name":"http://67.102.7.106:41762/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://67.102.7.106:41762/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2050235883580743815"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--13ffab08-38e4-53d2-aa4b-f93ac6b3fd14","created":"2026-05-01T15:28:00.000Z","modified":"2026-05-01T15:28:00.000Z","valid_from":"2026-05-01T15:28:00.000Z","name":"67.102.7.106","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '67.102.7.106']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2050235883580743815"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9c4307b-ea10-562a-8038-bb15841c335a","created":"2026-05-01T16:19:51.000Z","modified":"2026-05-01T16:19:51.000Z","valid_from":"2026-05-01T16:19:51.000Z","name":"http://180.93.243.75:8080","description":"IOC reported by @hawktrace on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://180.93.243.75:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hawktrace/status/2050248847629193233"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a2b69b5-3882-5e89-95f7-c033fb26e38e","created":"2026-05-01T16:19:51.000Z","modified":"2026-05-01T16:19:51.000Z","valid_from":"2026-05-01T16:19:51.000Z","name":"http://45.140.164.151:8080/IXhwpJOUk4/blue.drx","description":"IOC reported by @hawktrace on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.140.164.151:8080/IXhwpJOUk4/blue.drx']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hawktrace/status/2050248847629193233"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01df0067-1efa-5055-b95b-c40dfdbc3b9d","created":"2026-05-01T16:19:51.000Z","modified":"2026-05-01T16:19:51.000Z","valid_from":"2026-05-01T16:19:51.000Z","name":"http://180.93.243.75:8080/ovh","description":"IOC reported by @hawktrace on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://180.93.243.75:8080/ovh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hawktrace/status/2050248847629193233"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44a88a11-36b0-5f81-bce2-60490550a9dd","created":"2026-05-01T16:19:51.000Z","modified":"2026-05-01T16:19:51.000Z","valid_from":"2026-05-01T16:19:51.000Z","name":"https://raw.githubusercontent.com/nezhahq/scripts/main/agent/install.sh","description":"IOC reported by @hawktrace on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://raw.githubusercontent.com/nezhahq/scripts/main/agent/install.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hawktrace/status/2050248847629193233"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ee4980b-9b4f-5039-8801-e4e1d2a4ab6c","created":"2026-05-01T16:19:51.000Z","modified":"2026-05-01T16:19:51.000Z","valid_from":"2026-05-01T16:19:51.000Z","name":"180.93.243.75","description":"IOC reported by @hawktrace on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '180.93.243.75']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hawktrace/status/2050248847629193233"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2abe3219-98cd-5325-a04b-970031f189de","created":"2026-05-01T16:19:51.000Z","modified":"2026-05-01T16:19:51.000Z","valid_from":"2026-05-01T16:19:51.000Z","name":"45.140.164.151","description":"IOC reported by @hawktrace on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.140.164.151']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hawktrace/status/2050248847629193233"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33db9f77-c744-5d0e-9068-bbd20d24f12c","created":"2026-05-01T16:19:51.000Z","modified":"2026-05-01T16:19:51.000Z","valid_from":"2026-05-01T16:19:51.000Z","name":"68.183.190.253","description":"IOC reported by @hawktrace on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '68.183.190.253']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/hawktrace/status/2050248847629193233"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--864cd766-c7f4-5801-bc52-73d4c5402779","created":"2026-05-01T16:38:00.000Z","modified":"2026-05-01T16:38:00.000Z","valid_from":"2026-05-01T16:38:00.000Z","name":"37.49.229.75","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '37.49.229.75']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050253436386513153"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c596b881-88b7-5cf1-ae5f-6bc57798127d","created":"2026-05-01T16:43:00.000Z","modified":"2026-05-01T16:43:00.000Z","valid_from":"2026-05-01T16:43:00.000Z","name":"79.7.152.162","description":"IOC reported by @4_n_0_n_1_3_3_7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '79.7.152.162']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/4_n_0_n_1_3_3_7/status/2050254806078435423"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--568ffda2-293d-5a32-a105-a5659174831e","created":"2026-05-01T16:48:22.000Z","modified":"2026-05-01T16:48:22.000Z","valid_from":"2026-05-01T16:48:22.000Z","name":"fulcrumsec.net","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fulcrumsec.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050256021852164191"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9c90828-72fc-5d37-b864-a4e5a6f4a185","created":"2026-05-01T16:48:22.000Z","modified":"2026-05-01T16:48:22.000Z","valid_from":"2026-05-01T16:48:22.000Z","name":"http://fulcrumsec.net","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fulcrumsec.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050256021852164191"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bde86048-f722-5313-a156-6465d4763ec7","created":"2026-05-01T16:48:22.000Z","modified":"2026-05-01T16:48:22.000Z","valid_from":"2026-05-01T16:48:22.000Z","name":"4e3p3in2bl67hxchuwza7qvnpe7pyeloyztr5fnh257fxkovfhappjyd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '4e3p3in2bl67hxchuwza7qvnpe7pyeloyztr5fnh257fxkovfhappjyd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050256021852164191"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb1583bf-f110-5f63-8e47-2126a048eda3","created":"2026-05-01T16:48:22.000Z","modified":"2026-05-01T16:48:22.000Z","valid_from":"2026-05-01T16:48:22.000Z","name":"http://4e3p3in2bl67hxchuwza7qvnpe7pyeloyztr5fnh257fxkovfhappjyd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://4e3p3in2bl67hxchuwza7qvnpe7pyeloyztr5fnh257fxkovfhappjyd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050256021852164191"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc173d76-2884-5ea7-bf44-4ac85b76e56b","created":"2026-05-01T17:05:13.000Z","modified":"2026-05-01T17:05:13.000Z","valid_from":"2026-05-01T17:05:13.000Z","name":"drazygang.space","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'drazygang.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050260261995528353"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b89efcf-6aa9-5ec5-8f72-b2ecc09bfce0","created":"2026-05-01T17:05:13.000Z","modified":"2026-05-01T17:05:13.000Z","valid_from":"2026-05-01T17:05:13.000Z","name":"http://drazygang.space","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://drazygang.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050260261995528353"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1aa179fd-50b2-53e0-bcac-42add4e21862","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--87557fb9-6725-50fc-8609-bc5ecfe30a29","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af69701a-d8f2-5a01-a3b6-5c489c2d660f","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"nids.opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37c92d7d-9e3c-5575-8929-ed95dd813526","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://nids.opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c02807a-aff5-5e3b-aa4f-cb1165d79280","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f3cabee-58b3-53b9-8a9f-5cb029ce0b72","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0110313f-ae73-5dab-8b74-5ef4027ef5cb","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"nids.opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23454d60-4d49-5fc6-96a8-7e4d8194afa4","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://nids.opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ab1e0c4-ad38-5ac8-b571-9091b018fc0d","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"htr6ies.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'htr6ies.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2562798-1932-5491-a5cb-57b43c4a36be","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://htr6ies.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://htr6ies.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f083480a-7ce6-5b58-a1ad-5c1e26b9d61e","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"htr19ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'htr19ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--840fd5bb-afa3-5fd7-a237-7b2cd3cdcbeb","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://htr19ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://htr19ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05c543f0-1af0-5ee5-8876-1c18f24e9645","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--716fba16-d20a-5e82-a7e2-a6703d67dd0b","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--587c4695-fc55-5f58-960e-b41e64067062","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"nid-login.itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19a53879-d52e-5faf-8256-bd16d828aeac","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://nid-login.itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf4ce767-90dc-5857-99cb-4c2b529160ce","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--961c11cb-fbf8-5fce-9d3b-c3c6c7a8d72e","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7ce43d9-3f8a-5b25-b62b-9aac5570b107","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"nids.trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--da0ea29b-61cf-5517-b71c-d8770e5f28b4","created":"2026-05-01T18:37:00.000Z","modified":"2026-05-01T18:37:00.000Z","valid_from":"2026-05-01T18:37:00.000Z","name":"http://nids.trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9dcc2eb-1063-55da-b564-a1a5260d7345","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e916160d-c193-5c34-9bf9-7b12a59877c2","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c2bf04f-f13a-50f1-99ef-c9c7249e25f5","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"api.connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2791012-f172-53c6-87e5-13722c4bfffd","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://api.connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--318fd33f-612f-5ba5-8c25-f8b491c6c6e4","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"api.sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8971f927-c2f8-5c9d-ba2c-c6a459ccc290","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://api.sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12b2aa5c-7c1e-51b1-a390-7c4de932280f","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--295cc224-7f89-53ff-ba58-cba81afd94f0","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07c7b3ea-b043-5d94-9fed-6006a648b11a","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"api.connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62181a16-590d-57ce-a893-5b81b2ae7777","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://api.connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b65d0383-46d6-5dad-91bf-234a04142bf1","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"connect-sncf.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'connect-sncf.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1b5c8d6-9c98-5235-8367-c8a3ac4b6ac2","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://connect-sncf.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://connect-sncf.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7130c4dc-9fb6-5790-9ca1-936929540d56","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d33e57c3-bde2-54fb-bddd-1ed570ae7dd8","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c86305ce-816f-56a9-8495-ce52b150aff1","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"http://91.92.21.11","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://91.92.21.11']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6eaad95e-a0a9-54b5-8924-fd6005e118dd","created":"2026-05-01T18:55:00.000Z","modified":"2026-05-01T18:55:00.000Z","valid_from":"2026-05-01T18:55:00.000Z","name":"91.92.21.11","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.21.11']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050288025951781301"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa17d9e6-21a3-519e-92b8-c2e13b6e130b","created":"2026-05-01T19:37:52.000Z","modified":"2026-05-01T19:37:52.000Z","valid_from":"2026-05-01T19:37:52.000Z","name":"cloud-verificate.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cloud-verificate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050298678246551859"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f417b9c0-7993-5e11-aeee-ead03f4190aa","created":"2026-05-01T19:37:52.000Z","modified":"2026-05-01T19:37:52.000Z","valid_from":"2026-05-01T19:37:52.000Z","name":"http://cloud-verificate.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cloud-verificate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050298678246551859"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8db6377a-4809-5535-aefb-abbaba8ecbd7","created":"2026-05-01T19:37:52.000Z","modified":"2026-05-01T19:37:52.000Z","valid_from":"2026-05-01T19:37:52.000Z","name":"f920747af86b9e42e38a530ff977b499","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'f920747af86b9e42e38a530ff977b499']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050298678246551859"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--982b4c61-ea3a-5a9c-9bf5-e822666e8dc3","created":"2026-05-01T20:46:54.000Z","modified":"2026-05-01T20:46:54.000Z","valid_from":"2026-05-01T20:46:54.000Z","name":"departure-protocol-pursuit-instructors.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'departure-protocol-pursuit-instructors.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050316052337192967"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2448d5c-2002-52e2-bf52-9fed182a2219","created":"2026-05-01T20:46:54.000Z","modified":"2026-05-01T20:46:54.000Z","valid_from":"2026-05-01T20:46:54.000Z","name":"http://departure-protocol-pursuit-instructors.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://departure-protocol-pursuit-instructors.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050316052337192967"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--844be553-d1d8-59d8-95a4-db11a84ea001","created":"2026-05-01T20:51:08.000Z","modified":"2026-05-01T20:51:08.000Z","valid_from":"2026-05-01T20:51:08.000Z","name":"accommodate-barely-parents-wma.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'accommodate-barely-parents-wma.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050317116532781453"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--87a99a0c-099e-5d12-a2b2-f0d7791644b3","created":"2026-05-01T20:51:08.000Z","modified":"2026-05-01T20:51:08.000Z","valid_from":"2026-05-01T20:51:08.000Z","name":"http://accommodate-barely-parents-wma.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://accommodate-barely-parents-wma.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050317116532781453"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ea7175b-feac-5a57-a1d6-853b02b01501","created":"2026-05-02T05:23:00.000Z","modified":"2026-05-02T05:23:00.000Z","valid_from":"2026-05-02T05:23:00.000Z","name":"gfdlqx.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gfdlqx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2050445976452882515"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a80e57af-3cfd-5acf-b951-c462c090cce0","created":"2026-05-02T05:23:00.000Z","modified":"2026-05-02T05:23:00.000Z","valid_from":"2026-05-02T05:23:00.000Z","name":"https://gfdlqx.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gfdlqx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2050445976452882515"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a7e6b50-6324-522e-a3ad-c08e6e8098ce","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"140.235.16.55","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '140.235.16.55']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bf69ef5-f13c-5902-ad7b-c42f3d799aec","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"77.91.97.160","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.91.97.160']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--101118a3-b6a0-5a47-8d85-32980c28857d","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"144.31.223.27","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.31.223.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71a28287-d6bc-5e6f-826e-7df42bce079a","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"2.26.252.12","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '2.26.252.12']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47d65255-8efb-5b73-bdc3-31bb26a466e4","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"195.3.221.225","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '195.3.221.225']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--baad4d9d-a43b-5c7e-b4df-7d3d8732908f","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"45.133.174.129","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.133.174.129']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6eec325f-f0f9-59dd-8fc1-ef674c631aab","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"198.46.243.15","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '198.46.243.15']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78f5682c-1cfa-51a0-98f9-ea501bd9fb92","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"198.46.243.99","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '198.46.243.99']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7febcbe8-dcd2-5a42-96c1-05d9da961ec8","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"198.13.159.226","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '198.13.159.226']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8032f172-e27b-5f10-925f-71f5eb4dd3ab","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"62.60.226.253","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '62.60.226.253']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d7b8372-a6fe-5574-971d-6418ae748cbc","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"85.137.252.158","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.137.252.158']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9243030-38bb-5096-b48d-ca8c1f3852ac","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"191.101.130.68","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '191.101.130.68']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ed479da-a0f1-5c99-aa80-e63afaa90b57","created":"2026-05-02T06:44:00.000Z","modified":"2026-05-02T06:44:00.000Z","valid_from":"2026-05-02T06:44:00.000Z","name":"65.109.103.93","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '65.109.103.93']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050466356064383201"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4cec4706-ed7a-5802-a16b-d60396d8ef17","created":"2026-05-02T07:07:00.000Z","modified":"2026-05-02T07:07:00.000Z","valid_from":"2026-05-02T07:07:00.000Z","name":"backedupweb3quantumledger.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'backedupweb3quantumledger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050472241624748218"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d624dd8c-4e09-5715-97ad-5dd481fdb6f3","created":"2026-05-02T07:07:00.000Z","modified":"2026-05-02T07:07:00.000Z","valid_from":"2026-05-02T07:07:00.000Z","name":"http://backedupweb3quantumledger.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://backedupweb3quantumledger.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050472241624748218"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac7efc96-5fda-527e-9c0d-e67b5fddce96","created":"2026-05-02T12:00:00.000Z","modified":"2026-05-02T12:00:00.000Z","valid_from":"2026-05-02T12:00:00.000Z","name":"jorrnalisblast.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jorrnalisblast.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2050545874883776848"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e1604e9-d127-59ad-9d3b-8bd0fd773d55","created":"2026-05-02T12:00:00.000Z","modified":"2026-05-02T12:00:00.000Z","valid_from":"2026-05-02T12:00:00.000Z","name":"https://jorrnalisblast.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jorrnalisblast.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2050545874883776848"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8e3569b-20a4-5494-bc4e-221bf0fd9362","created":"2026-05-02T12:52:00.000Z","modified":"2026-05-02T12:52:00.000Z","valid_from":"2026-05-02T12:52:00.000Z","name":"http://5.8.18.95","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://5.8.18.95']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050559005576065080"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c717957d-7be8-5a32-baa1-26a561b7e25d","created":"2026-05-02T12:52:00.000Z","modified":"2026-05-02T12:52:00.000Z","valid_from":"2026-05-02T12:52:00.000Z","name":"5.8.18.95","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '5.8.18.95']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050559005576065080"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c80ed505-baf2-5096-84ed-5a3733e477b4","created":"2026-05-02T13:17:00.000Z","modified":"2026-05-02T13:17:00.000Z","valid_from":"2026-05-02T13:17:00.000Z","name":"cmdofficial.com","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cmdofficial.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050565229822783579"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28508f50-4450-5a91-bbb3-2adba572a656","created":"2026-05-02T13:17:00.000Z","modified":"2026-05-02T13:17:00.000Z","valid_from":"2026-05-02T13:17:00.000Z","name":"http://cmdofficial.com","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cmdofficial.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050565229822783579"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04cda70e-3b3c-5fc0-864f-f121f25a20a1","created":"2026-05-02T13:17:00.000Z","modified":"2026-05-02T13:17:00.000Z","valid_from":"2026-05-02T13:17:00.000Z","name":"cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050565229822783579"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9a31179-a952-5aa8-90cf-e97be71e7ad0","created":"2026-05-02T13:17:00.000Z","modified":"2026-05-02T13:17:00.000Z","valid_from":"2026-05-02T13:17:00.000Z","name":"http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2050565229822783579"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebb5b47d-2a2a-5ccb-bedd-d3232c54deb0","created":"2026-05-02T13:22:00.000Z","modified":"2026-05-02T13:22:00.000Z","valid_from":"2026-05-02T13:22:00.000Z","name":"neuralnetworkdatalab.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'neuralnetworkdatalab.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050566552836055186"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26eb023f-af9e-5a75-af08-bf81d45f1dcd","created":"2026-05-02T13:22:00.000Z","modified":"2026-05-02T13:22:00.000Z","valid_from":"2026-05-02T13:22:00.000Z","name":"http://neuralnetworkdatalab.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://neuralnetworkdatalab.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050566552836055186"}],"labels":["APT","Lazarus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad4a15d1-4168-5363-9445-20d2092e40a1","created":"2026-05-02T13:23:38.000Z","modified":"2026-05-02T13:23:38.000Z","valid_from":"2026-05-02T13:23:38.000Z","name":"decretal.cfd","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'decretal.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050566888351273449"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0254b24-89cd-53da-bd91-70fac7536fe5","created":"2026-05-02T13:23:38.000Z","modified":"2026-05-02T13:23:38.000Z","valid_from":"2026-05-02T13:23:38.000Z","name":"https://decretal.cfd/Paidy.html","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://decretal.cfd/Paidy.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050566888351273449"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1e370ea-fed5-5c49-8264-0b9a8fa4ce91","created":"2026-05-02T14:00:06.000Z","modified":"2026-05-02T14:00:06.000Z","valid_from":"2026-05-02T14:00:06.000Z","name":"amazon-clone-gray-three.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'amazon-clone-gray-three.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2050576066121437549"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--174edebf-ebe4-5bea-85b5-6f7ceec97447","created":"2026-05-02T14:00:06.000Z","modified":"2026-05-02T14:00:06.000Z","valid_from":"2026-05-02T14:00:06.000Z","name":"https://amazon-clone-gray-three.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://amazon-clone-gray-three.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2050576066121437549"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8692309-1af0-5945-8a22-9b3d3d88ca7c","created":"2026-05-02T15:20:35.000Z","modified":"2026-05-02T15:20:35.000Z","valid_from":"2026-05-02T15:20:35.000Z","name":"pesksae.shcpqgs.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pesksae.shcpqgs.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2050596318285094932"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab5ac191-6915-5711-8b14-a72186e93961","created":"2026-05-02T15:20:35.000Z","modified":"2026-05-02T15:20:35.000Z","valid_from":"2026-05-02T15:20:35.000Z","name":"https://pesksae.shcpqgs.cn/htopen/mesber/index/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pesksae.shcpqgs.cn/htopen/mesber/index/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2050596318285094932"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e652acd-3a67-5cb8-8448-13f97e10bbd8","created":"2026-05-02T15:33:00.000Z","modified":"2026-05-02T15:33:00.000Z","valid_from":"2026-05-02T15:33:00.000Z","name":"winuputom.z6.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'winuputom.z6.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050599486368661794"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfba8875-5390-57fa-9f6e-16f9e48cfd1b","created":"2026-05-02T15:33:00.000Z","modified":"2026-05-02T15:33:00.000Z","valid_from":"2026-05-02T15:33:00.000Z","name":"https://winuputom.z6.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://winuputom.z6.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2050599486368661794"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bd40e6b-ac6b-5761-bbe7-f66444551747","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"brdwallet.pro","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'brdwallet.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f74a9977-2177-59f9-9c94-389c967355b3","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://brdwallet.pro","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://brdwallet.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--20209fa1-4171-5cc3-80e2-2d967d228915","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"chnomewebgoogle.store","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chnomewebgoogle.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3300684-5613-5710-8196-c507d489644e","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://chnomewebgoogle.store","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chnomewebgoogle.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--819d4a26-e78b-5c20-899b-e1430761a96e","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"chromewebextersion.store","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chromewebextersion.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecf33692-1407-5d4d-a696-a550c8b9f34a","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://chromewebextersion.store","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chromewebextersion.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--456ab401-aa3a-5da0-8a85-43b11752c0f0","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"chromewebstogoogle.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chromewebstogoogle.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--db0b341b-2808-5976-b54f-e32607f0f8bd","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://chromewebstogoogle.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chromewebstogoogle.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a18dfad-8e0c-57eb-8450-cf96ceadc793","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"crytab.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'crytab.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--325153b3-1ec9-5915-9e9b-e1d89f1e2b51","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://crytab.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://crytab.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f659aabe-dd6b-5647-ab8a-20631131ac15","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"lingoclip.space","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lingoclip.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ac3c324-4442-5e75-8c42-7fa24424bf7c","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://lingoclip.space","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lingoclip.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--81fd3432-b865-5e48-9334-d409de875b5e","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"shoppycon.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'shoppycon.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6c76fff-2972-5554-9dbf-1c2a2e8a531e","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://shoppycon.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://shoppycon.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca025539-c79a-56d6-a332-947ebb420b43","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"swiftnote.online","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'swiftnote.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--578daa22-08f9-5823-b03c-fd18f26bc77b","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://swiftnote.online","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://swiftnote.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8dd743b0-e003-5b8c-9d0c-4b0f7bb70cd1","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"timeanddate.homes","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'timeanddate.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2352e577-8752-5947-9e0c-725ec8737a0a","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://timeanddate.homes","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://timeanddate.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a9f81e3-9493-5a2e-9ff2-ada7312e9cf6","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"visionarystudio.site","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'visionarystudio.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5a16ed7-f666-5094-98b0-9f4d0421f53a","created":"2026-05-02T16:51:00.000Z","modified":"2026-05-02T16:51:00.000Z","valid_from":"2026-05-02T16:51:00.000Z","name":"http://visionarystudio.site","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://visionarystudio.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2050619197734961413"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2efc07a7-5ff1-5874-8984-ae7db0d84e47","created":"2026-05-02T16:57:00.000Z","modified":"2026-05-02T16:57:00.000Z","valid_from":"2026-05-02T16:57:00.000Z","name":"meetingszoom.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meetingszoom.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2050620646556594184"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab4867c1-4507-55c5-aab3-d1cbd64d486d","created":"2026-05-02T16:57:00.000Z","modified":"2026-05-02T16:57:00.000Z","valid_from":"2026-05-02T16:57:00.000Z","name":"https://meetingszoom.com","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://meetingszoom.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2050620646556594184"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--649ea6a6-d009-5512-9b89-e1851dc11334","created":"2026-05-02T17:53:29.000Z","modified":"2026-05-02T17:53:29.000Z","valid_from":"2026-05-02T17:53:29.000Z","name":"zango.usite.pro","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zango.usite.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050634797790208217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d45801cf-9dd8-57dd-8fff-e386e4463cc0","created":"2026-05-02T17:53:29.000Z","modified":"2026-05-02T17:53:29.000Z","valid_from":"2026-05-02T17:53:29.000Z","name":"http://zango.usite.pro","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://zango.usite.pro']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050634797790208217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa976fd3-6016-5ca4-90de-f7d3684e0fe0","created":"2026-05-02T19:01:25.000Z","modified":"2026-05-02T19:01:25.000Z","valid_from":"2026-05-02T19:01:25.000Z","name":"safephoto-vault.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'safephoto-vault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050651892431151207"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5477cbb3-68ca-5360-8f96-d3aeaedea201","created":"2026-05-02T19:01:25.000Z","modified":"2026-05-02T19:01:25.000Z","valid_from":"2026-05-02T19:01:25.000Z","name":"http://safephoto-vault.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://safephoto-vault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2050651892431151207"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e7d122a-ca90-5d8f-a0ac-0d0bc1c7168e","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"doc-load.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc-load.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9b7beb6-2e82-5ccc-845c-cc017280c512","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://doc-load.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc-load.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e88e173d-718f-5380-afed-f41f3424a173","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"user-info.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'user-info.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48c4e39b-45fc-5d03-b9b5-1f5fb5cf44b1","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://user-info.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://user-info.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c2b0cc4-9d38-5c8b-a91e-b4c60583e387","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"mois-go.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois-go.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--657b40b7-836e-572a-8763-c7cc2a0283b2","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://mois-go.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois-go.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc3628f6-a865-5d41-abb1-7ceaf065d16e","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"km-link.mois-go.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'km-link.mois-go.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f31c2058-1054-5bb0-a775-bba48a049955","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://km-link.mois-go.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://km-link.mois-go.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5bdb60d-e298-528c-bb56-cfd9e8d396dd","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"ips-co.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ips-co.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4e3981c-e3b9-5374-9a78-1a59acd4f25d","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://ips-co.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ips-co.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f73fbf75-98ca-57b2-9abb-8708e8cb04dd","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"checkinfo.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'checkinfo.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0ab28eb-b798-5dee-b402-9965fae9113e","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://checkinfo.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://checkinfo.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3afba1f0-7be4-5492-a21c-ec9948f49703","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"nid-support.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-support.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35dbbf35-c3df-5b30-a0e8-dd145e84e2b7","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://nid-support.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-support.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d9daed9-f5aa-50c8-b397-438457fddb5c","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"infocheck.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'infocheck.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0941a95-9cf8-564f-8808-f1ef6956f6ab","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://infocheck.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://infocheck.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e1b1d56-c919-5044-bd6c-515ca1683388","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"nid-auth.infocheck.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-auth.infocheck.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16764a5e-6cb0-5ca2-90b7-ffc6ab252983","created":"2026-05-02T19:32:00.000Z","modified":"2026-05-02T19:32:00.000Z","valid_from":"2026-05-02T19:32:00.000Z","name":"http://nid-auth.infocheck.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-auth.infocheck.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050659775428337786"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b79e5eb-659e-5d74-9722-c85aa8b48e4e","created":"2026-05-02T19:39:00.000Z","modified":"2026-05-02T19:39:00.000Z","valid_from":"2026-05-02T19:39:00.000Z","name":"allegrolokalnie.ofert923781910.shop","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegrolokalnie.ofert923781910.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050661428671971806"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5467e532-6a89-5d3d-9505-44b6fabbb6b7","created":"2026-05-02T19:39:00.000Z","modified":"2026-05-02T19:39:00.000Z","valid_from":"2026-05-02T19:39:00.000Z","name":"https://allegrolokalnie.ofert923781910.shop","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://allegrolokalnie.ofert923781910.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050661428671971806"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce74abfb-181c-5724-b119-59a8650c19c0","created":"2026-05-02T19:46:00.000Z","modified":"2026-05-02T19:46:00.000Z","valid_from":"2026-05-02T19:46:00.000Z","name":"graph.org","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'graph.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050663255614566620"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--576b1d0a-35a7-5a31-b3ba-c04efde50bc8","created":"2026-05-02T19:46:00.000Z","modified":"2026-05-02T19:46:00.000Z","valid_from":"2026-05-02T19:46:00.000Z","name":"http://graph.org/Transfer-04-13-4","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/Transfer-04-13-4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050663255614566620"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4df6221f-9ce6-5077-8793-be10499ee1f0","created":"2026-05-02T19:46:00.000Z","modified":"2026-05-02T19:46:00.000Z","valid_from":"2026-05-02T19:46:00.000Z","name":"http://graph.org/Transfer-04-13-3","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/Transfer-04-13-3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050663255614566620"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28e53ee4-b5ef-5a48-bb53-63a13c9eae8f","created":"2026-05-02T19:46:00.000Z","modified":"2026-05-02T19:46:00.000Z","valid_from":"2026-05-02T19:46:00.000Z","name":"http://graph.org/Transfer-04-13-2","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/Transfer-04-13-2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050663255614566620"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8e3fad4-876b-53fc-af9c-5f49eb53b44e","created":"2026-05-02T19:46:00.000Z","modified":"2026-05-02T19:46:00.000Z","valid_from":"2026-05-02T19:46:00.000Z","name":"http://graph.org/Transfer-04-12-5","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/Transfer-04-12-5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050663255614566620"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0614f8f5-3848-52db-bb55-1a4ae7dff903","created":"2026-05-02T19:46:00.000Z","modified":"2026-05-02T19:46:00.000Z","valid_from":"2026-05-02T19:46:00.000Z","name":"http://graph.org/Transfer-04-12-4","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/Transfer-04-12-4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050663255614566620"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c308a6d8-0ee5-54b1-842f-e314df3dbaf3","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"zoie6741.zzctl.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zoie6741.zzctl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--66e9662c-63ad-5826-af2a-4649b443ef12","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://zoie6741.zzctl.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://zoie6741.zzctl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f152e70-eaac-5311-826f-dd0f0283e371","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"nicole7918.zzctl.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nicole7918.zzctl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7270442c-97aa-5e41-9042-06cca18e0657","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://nicole7918.zzctl.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nicole7918.zzctl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--35decaa3-fd9a-5788-b151-7cf28f84240a","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"yasmine-534332.swedenmovies.eu.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yasmine-534332.swedenmovies.eu.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--780f5110-4bf8-5131-8d18-0c83b9b34939","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://yasmine-534332.swedenmovies.eu.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://yasmine-534332.swedenmovies.eu.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--25692c05-050e-5114-87d8-c99c428f082c","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"francesca-887994.tamarabillmoore.online","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'francesca-887994.tamarabillmoore.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--99d49fee-cfd5-544a-b7c8-c6eb766539f4","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://francesca-887994.tamarabillmoore.online","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://francesca-887994.tamarabillmoore.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3826f961-ea03-54a3-ba81-d87107217a4b","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"imogen-566325.spiod.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imogen-566325.spiod.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba29d9e8-7384-5ba7-b256-99fa567dd01f","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://imogen-566325.spiod.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imogen-566325.spiod.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--03ad32f7-7df9-5895-877b-5f2b2cf42e0b","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"maria-130463.womanorgasm.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'maria-130463.womanorgasm.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--65b844d0-af86-5cf1-81ad-3ab180c61991","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://maria-130463.womanorgasm.sbs","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://maria-130463.womanorgasm.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a4a70af-2b63-55d9-8fb8-575a913e5be6","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"jeanette2960.karlsruhe.vip","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jeanette2960.karlsruhe.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c9093d2-56c4-5447-b1b4-db95dba0155b","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://jeanette2960.karlsruhe.vip","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jeanette2960.karlsruhe.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3abd3fcf-8460-51cc-b1dd-d3a171b37225","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"anna-534714.sloveniamovies.eu.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'anna-534714.sloveniamovies.eu.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ddf1dc4e-f61d-5453-af3a-1c81b77b071c","created":"2026-05-02T21:33:05.000Z","modified":"2026-05-02T21:33:05.000Z","valid_from":"2026-05-02T21:33:05.000Z","name":"http://anna-534714.sloveniamovies.eu.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://anna-534714.sloveniamovies.eu.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050690064389169188"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f897a4db-80af-5875-bf64-4b1fe61f99f2","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"charming-ivory-gn9yvubd62-lm7hf1jqkf.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'charming-ivory-gn9yvubd62-lm7hf1jqkf.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c723080-a4e2-5aab-9b94-d5e4052eacd6","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"http://charming-ivory-gn9yvubd62-lm7hf1jqkf.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://charming-ivory-gn9yvubd62-lm7hf1jqkf.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c1b720c-dd7f-52b4-868b-13dc129125ef","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"notable-violet-dk8oh8ilvs-e6yt1vxf2n.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'notable-violet-dk8oh8ilvs-e6yt1vxf2n.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--260a3a94-250b-5c02-b7a8-d6ec978cdcc9","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"http://notable-violet-dk8oh8ilvs-e6yt1vxf2n.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://notable-violet-dk8oh8ilvs-e6yt1vxf2n.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1aba607a-b63e-528c-92ad-e1116a0e7780","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"intense-plum-az3ef3gxuj-970sqerutr.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'intense-plum-az3ef3gxuj-970sqerutr.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c0b0b7d-218a-5805-b9cb-5e675275c879","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"http://intense-plum-az3ef3gxuj-970sqerutr.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://intense-plum-az3ef3gxuj-970sqerutr.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--734af19a-f8b2-5600-89e4-5ada8b9a2321","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"innocent-azure-04oe1nxk6c-z0jz7ebme9.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'innocent-azure-04oe1nxk6c-z0jz7ebme9.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9845033-5699-5815-bc22-307c4fde1bca","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"http://innocent-azure-04oe1nxk6c-z0jz7ebme9.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://innocent-azure-04oe1nxk6c-z0jz7ebme9.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d218d1b-1d5b-591a-b5c5-ce86f28475dd","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"correct-moccasin-3ta2edqboc-sq8x40bp22.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'correct-moccasin-3ta2edqboc-sq8x40bp22.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--269d1a38-8548-5703-8216-76c1c9d5365c","created":"2026-05-02T21:44:33.000Z","modified":"2026-05-02T21:44:33.000Z","valid_from":"2026-05-02T21:44:33.000Z","name":"http://correct-moccasin-3ta2edqboc-sq8x40bp22.edgeone.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://correct-moccasin-3ta2edqboc-sq8x40bp22.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050692948874907792"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--419826eb-62f2-5683-9838-12735f80e7f9","created":"2026-05-02T22:07:00.000Z","modified":"2026-05-02T22:07:00.000Z","valid_from":"2026-05-02T22:07:00.000Z","name":"whois.domrobot.com","description":"IOC reported by @userlolxxl on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'whois.domrobot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/userlolxxl/status/2050698733524828489"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5375dd7c-1087-5a60-aa77-4e7805229d46","created":"2026-05-02T22:07:00.000Z","modified":"2026-05-02T22:07:00.000Z","valid_from":"2026-05-02T22:07:00.000Z","name":"http://whois.domrobot.com","description":"IOC reported by @userlolxxl on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://whois.domrobot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/userlolxxl/status/2050698733524828489"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c9fbca1-62eb-52a7-8a45-9191fa38da18","created":"2026-05-03T06:07:00.000Z","modified":"2026-05-03T06:07:00.000Z","valid_from":"2026-05-03T06:07:00.000Z","name":"allegro-lokalnie.8934980089g9ufd.shop","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegro-lokalnie.8934980089g9ufd.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050819585994113145"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e9d7c9a-2ec2-53de-b3d6-7d02b4279edc","created":"2026-05-03T06:07:00.000Z","modified":"2026-05-03T06:07:00.000Z","valid_from":"2026-05-03T06:07:00.000Z","name":"https://allegro-lokalnie.8934980089g9ufd.shop","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://allegro-lokalnie.8934980089g9ufd.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2050819585994113145"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ece6ac0-743e-5075-a216-2143761fabac","created":"2026-05-03T06:33:00.000Z","modified":"2026-05-03T06:33:00.000Z","valid_from":"2026-05-03T06:33:00.000Z","name":"45.88.9.235","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.88.9.235']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050825945515508156"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8c74783-c10e-5c25-85eb-d697c231bf83","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"arizona.gov-lfux.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arizona.gov-lfux.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5579a5d-4a46-57b8-825e-1fea7f2b0e27","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://arizona.gov-lfux.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arizona.gov-lfux.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a848831e-5190-5a1b-bda1-dffb6b6f5d43","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"arizona.gov-rgtx.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arizona.gov-rgtx.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3d2f1b2-016a-5d04-b4e8-661ff815123a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://arizona.gov-rgtx.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arizona.gov-rgtx.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86deaff2-0cef-5dc4-b520-71dc830ea61e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-wpqa.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-wpqa.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4d060e4-a34a-5d8e-8b0c-ba8662963e71","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-wpqa.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-wpqa.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--644fe976-e08f-572d-81b9-2158af306755","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"arizona.gov-wpqa.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arizona.gov-wpqa.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e77f4fa-2d46-5ee1-8c12-ce7c2c87a10c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://arizona.gov-wpqa.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arizona.gov-wpqa.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8362c4d3-27fb-51cd-b9a4-ba7807551cbc","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-wpcas.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-wpcas.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81e6d22a-1dfb-5d29-b8e5-4dfe608a0c19","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-wpcas.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-wpcas.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3e559f1-226e-5116-9ef1-b12d1d58a42b","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"wisconsin.gov-wpcas.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wisconsin.gov-wpcas.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6354f56a-85b4-5b28-88e3-b03d38362ebe","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://wisconsin.gov-wpcas.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wisconsin.gov-wpcas.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecb5757f-96d1-594b-8d34-e35245f88c69","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"wisconsin.gov-utcn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wisconsin.gov-utcn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a194cc4f-12a4-579f-945a-2d9558e0c289","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://wisconsin.gov-utcn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wisconsin.gov-utcn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b8129a0-cdcc-5a26-b777-fb8a7f590be1","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"wisconsin.gov-ckdt.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wisconsin.gov-ckdt.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9020220d-3607-524f-83cd-343a2a7ed647","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://wisconsin.gov-ckdt.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wisconsin.gov-ckdt.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a773e7fe-e82e-5311-a378-17ff25e10eef","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-urffs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-urffs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00b6580d-4e27-57f1-96d0-64663d5ad723","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-urffs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-urffs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--088bfc42-38cf-5276-85ff-3ab7828626ab","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"wisconsin.gov-urffs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wisconsin.gov-urffs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecfb871f-594e-584d-8c90-b68fed509606","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://wisconsin.gov-urffs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wisconsin.gov-urffs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eef0ed95-b559-5205-a761-f0e809a1c2aa","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"wisconsin.gov-yfov.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wisconsin.gov-yfov.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39d80bbc-1507-59c8-9d5d-51fac16cd275","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://wisconsin.gov-yfov.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wisconsin.gov-yfov.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64dbc976-866d-5403-99a1-d60dacc885a6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-rrgzq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-rrgzq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a500cf3f-bfe2-562c-8852-a2d766c9549e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-rrgzq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-rrgzq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f80af7d-6daf-56f7-9da8-16eb73972058","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"wisconsin.gov-rrgzq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wisconsin.gov-rrgzq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7fa3e917-1e6c-5371-9b08-e816795be326","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://wisconsin.gov-rrgzq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wisconsin.gov-rrgzq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bccb19b-e766-5a35-9932-21f9ae03fc90","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-lfcwqq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-lfcwqq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c3e96ae-ee7b-5209-9d91-9dc7f92b96e1","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-lfcwqq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-lfcwqq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e3628e9-f586-528c-8ee2-79cecf05dd6e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"wisconsin.gov-lfcwqq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wisconsin.gov-lfcwqq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ddfaf34e-655b-511a-9915-3a1cd6ef353b","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://wisconsin.gov-lfcwqq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wisconsin.gov-lfcwqq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65584f63-4c34-5946-8c07-03fb363ffce2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-ckdt.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-ckdt.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75e2ba83-ed12-5178-a015-623b0fee3ac3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-ckdt.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-ckdt.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6a76a3e-5d0e-5007-9198-651a7069be2e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-ckdt.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-ckdt.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8f9f234-82b0-5d0e-8286-81ba2245a6df","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-ckdt.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-ckdt.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05a0d159-39c1-5bd6-874f-719ecc504d3f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-rgtx.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-rgtx.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9608bbd3-4eec-5672-8126-821c020079f6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-rgtx.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-rgtx.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e56ae267-f5f8-5f8f-9d75-57576f87660b","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-rgtx.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-rgtx.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a50f9fee-3881-5ec6-8a58-7461e1da34af","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-rgtx.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-rgtx.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdadd764-afa0-5de7-a340-b72179c324a3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-utcn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-utcn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3775af32-86ec-5f09-85ca-5ac61c556f22","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-utcn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-utcn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0baabdbe-bf72-5bf5-aae7-89b247ce7b05","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-utcn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-utcn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0516b93-bdc5-5f06-a027-a7b0ccff29cc","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-utcn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-utcn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3164425-2444-522f-ad90-21c6d6cb789f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-yfov.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-yfov.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63619c3e-bcd2-548e-986f-f2bbba9e39b5","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-yfov.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-yfov.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08acaf54-2551-5b74-8fcc-0d00b444a8d4","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-ldrok.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-ldrok.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d6cdfb2-a570-56a4-9c78-a7372ee8a6a4","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-ldrok.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-ldrok.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5017cc4-e3b9-54e5-8a32-689ea565b1a5","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-yfov.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-yfov.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9adc7296-de4b-571e-91db-2f17674acb30","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-yfov.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-yfov.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c86c492d-87fc-5f88-ab3d-937bd2ce1044","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-ldrok.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-ldrok.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41ed55a-fc7c-5585-8554-76f1ca500cbf","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-ldrok.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-ldrok.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7dc346e-b0eb-556b-92ff-b90179438ce0","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-hwxj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-hwxj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90ac278d-14b6-5466-a222-61f290d35a31","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-hwxj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-hwxj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cce65a6-b47d-55c0-9b13-d4d8bba693d3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-hwxj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-hwxj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a941c25-ff9b-5e6e-9a02-c3d7de994cf6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-hwxj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-hwxj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02e7e098-58f3-51ef-a99d-0310460dea9e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-lfux.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-lfux.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c3cb1e8-e14f-548b-b2c9-0dfb2f255b5b","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-lfux.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-lfux.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7d00e97-8f66-543e-9b2d-db406b226886","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-lfux.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-lfux.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ef7d957-4a79-5e77-b2e7-bbb08e0b1dcd","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-lfux.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-lfux.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4dcb1f7-0a22-50f9-9e93-f9986f5b7904","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-kcxv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-kcxv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8664007a-f38b-59e5-a4d7-8fe07f8bdaf9","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-kcxv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-kcxv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--351cca02-c100-5b84-972a-9c3ad22fadb3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-kcxv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-kcxv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--da62e4c6-d82b-549a-b68e-976f5e5520bf","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-kcxv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-kcxv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e471a92-2234-57f6-a6ad-abfaa748f797","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-alhb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-alhb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--486ddd2e-9c66-5e4c-86ad-bf083117fc44","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-alhb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-alhb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5d2c182-8e2c-5d35-aeea-bc0ddbc3e0d7","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-alhb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-alhb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--318c4757-30ce-5e85-8014-25d2c5164766","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-alhb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-alhb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a30ec681-1137-520f-a799-b55fa23f6ab5","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-vjaqs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-vjaqs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9213340a-9150-5518-9ad3-76245a1bd44d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-vjaqs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-vjaqs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6604e25e-8310-5c5b-bcd3-035c6832d134","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"arizona.gov-vjaqs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arizona.gov-vjaqs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e29cbf7-a9d8-5163-b392-ccdda0dec3cd","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://arizona.gov-vjaqs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arizona.gov-vjaqs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8df18ee0-683c-5f87-b636-d9bdd942f5ee","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-tapn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-tapn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7926ce3c-6bdf-566e-9e22-adff5d6549f6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-tapn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-tapn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37298c8f-bba3-5150-8601-134afc4b30ff","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"arizona.gov-tapn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arizona.gov-tapn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--191f3483-34a5-502a-a7f8-d05961453d4a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://arizona.gov-tapn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arizona.gov-tapn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2947963-f97a-5d14-ab02-0fa34fadfa0d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-syyv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-syyv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72c4777f-5f1a-5a7c-988d-769646c00e3d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-syyv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-syyv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dba8399a-4631-5630-9dea-cc7768f166b7","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-syyv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-syyv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd828119-2185-57b0-a3d6-f7b3d8fa4863","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-syyv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-syyv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b4ae961-dff9-5b5a-91f0-ba15c6129e5e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-mhco.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-mhco.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ff8404f-cc62-5d9d-a866-497c729e9c18","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-mhco.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-mhco.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--413cd393-5414-54f1-b54c-36b7d10d53e6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-mhco.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-mhco.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b05d35b-3090-59a4-b186-1c0f5803b128","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-mhco.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-mhco.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1e55e64-4e97-5810-9d01-ee9f06f2e591","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-vyoyu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-vyoyu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab35f236-b9bc-5dde-a756-940d9f36f6f6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-vyoyu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-vyoyu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de601ec3-f3f4-5f0e-8b88-f8b299ea6335","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-vyoyu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-vyoyu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9fb1f2b6-0e18-5b82-84bc-6ad94f319da9","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-vyoyu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-vyoyu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c51891a1-cf09-577c-9d8e-c6b22ace13a5","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-zhngf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-zhngf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5b4f565-c9f3-50ea-9db0-27c79475d33a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-zhngf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-zhngf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce38bd6a-048e-5465-ab45-d1d2b8c0fa1f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-zhngf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-zhngf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfcb688c-8a48-5fbf-ba5f-cf3fee632b6f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-zhngf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-zhngf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c56e763f-87bd-5e05-b163-c3f41914c1f7","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-nmft.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-nmft.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b222da19-95a2-5e88-b318-da22d24f1633","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-nmft.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-nmft.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--026c5320-9507-5144-9f3a-43d5440ad57c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-nmft.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-nmft.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25576098-ac52-5c04-a358-c0112e66da3c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-nmft.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-nmft.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce39970c-aea7-516a-abf0-3a252db44e71","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-qjbkj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-qjbkj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--760ddf0f-2575-5c83-885f-bd81fa08c073","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-qjbkj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-qjbkj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f353638-b713-5da3-acd6-24afe75ee19e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-qjbkj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-qjbkj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c0f68e7-64fd-5db0-b9a3-cfeeedb02617","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-qjbkj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-qjbkj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a309b5ae-fdde-5604-b23c-3e546828f85f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-jukc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-jukc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba752fbc-188e-5562-9380-1e743cf79fb3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-jukc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-jukc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dbc40eb0-0c75-5b51-9b0d-a069cb4342e2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-ieoo.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-ieoo.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6c3ed46-1fc0-5abd-b937-46add6bff71e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-ieoo.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-ieoo.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb25ea71-5317-57be-bc22-7341414004e4","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-ieoo.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-ieoo.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af9c6fc0-008e-5917-926a-10d7af976945","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-ieoo.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-ieoo.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03a96709-9b9d-55d1-a440-f4d950e20b2a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-jbwj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-jbwj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68b09e03-7cdd-5a65-96db-9075d475ec18","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-jbwj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-jbwj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8e6dac3-58ad-5e89-b442-ad234a4aef00","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-jbwj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-jbwj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a0ef7b9-9f67-58f8-bb82-446a1cec0241","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-jbwj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-jbwj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3407cdf9-a82a-577d-8915-bdd4fcf260cc","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-qllj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-qllj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a09db2e4-e4f3-5188-aec3-9a338b4c7d28","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-qllj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-qllj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16fbca55-3173-5c7d-a3b2-94d1eb3d6934","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-qllj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-qllj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18bf9a5c-7888-518e-9074-d120075167a2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-qllj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-qllj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e6f918a-61d2-5a97-98ff-1ba2dfd5352a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-menu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-menu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--efcdf0c3-0221-52bb-a5ac-94fbda2c22a8","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-menu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-menu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e495665-5016-56bc-a4d6-892955106a9a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-menu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-menu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a79f7f85-bf1d-5949-ab50-01f5814d5818","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-menu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-menu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78bff74b-bde9-5610-8731-b7b769073fb2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-mqgj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-mqgj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4be6d212-f6d1-50ab-8c41-90f0b4a302bf","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-mqgj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-mqgj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b2047d8-ca7f-509e-8203-2ca64db48d59","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-mqgj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-mqgj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ce57d1c-39c6-50e0-b569-b6de0a167c6f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-mqgj.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-mqgj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--099e4a1a-cc65-5b66-993c-f0a999f58da2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-lyvc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-lyvc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3ed95a8-d4c3-5cfd-af3d-8f00ae6e9f52","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-lyvc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-lyvc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--532a229a-e589-5d1e-a857-07531db2a05d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-lyvc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-lyvc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd43f8e2-8715-57f0-8153-ac17f8c68bb4","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-lyvc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-lyvc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--73f46cbb-bd09-5f88-b211-b3ca31bcfd4c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-jukc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-jukc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fbfdc69-cc73-5ac4-8e88-deee1149566d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-jukc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-jukc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--878ce854-13f8-5fef-8739-3d852531f4ae","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"texas.gov-jukc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'texas.gov-jukc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47781f5e-6195-5c72-b980-6138a74f271e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://texas.gov-jukc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://texas.gov-jukc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1613a79f-c646-52ce-aac1-09fe30e4ae9e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-zaun.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-zaun.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aca1de62-799d-546b-8ef0-ff1bcb9048e8","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-zaun.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-zaun.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2f6bea8-c9d8-5250-8fbd-8421c3efb9d0","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-mvkz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-mvkz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc48ec17-3cb2-50cb-b076-df1715b07270","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-mvkz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-mvkz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f405a11c-f4ea-5422-b6f0-1fbf0fd8971c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-cwpr.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-cwpr.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f1f38f7-6240-57b1-bbc9-b11c4d9579de","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-cwpr.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-cwpr.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90b07589-93e1-515c-99e3-696009e63ce9","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-xvvi.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-xvvi.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b978b3a-995f-5ff0-a5a7-6e46b025ebae","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-xvvi.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-xvvi.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75fcb103-7892-54ae-a935-ac7c3e87b2f1","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-yqkq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-yqkq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d67565ce-625d-5bb5-90dd-fdd47f3465a4","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-yqkq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-yqkq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cc9b3ae-b6cc-5fcb-b1bb-80b6741b983a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"texas.gov-xvvi.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'texas.gov-xvvi.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6e81284-d499-5b25-a5ef-e266e9fe7b5c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://texas.gov-xvvi.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://texas.gov-xvvi.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--756b90b4-613a-511a-879d-5662fe72872c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"texas.gov-yqkq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'texas.gov-yqkq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--016efda6-e779-55cb-b487-6ec00f99316d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://texas.gov-yqkq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://texas.gov-yqkq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c3299d9-bc78-5a61-8117-c60987755f14","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-kgqp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-kgqp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3e0536b-ed00-5c28-81c3-140df2fd8d7a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-kgqp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-kgqp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b0bec39-408f-5fca-bd00-4e6ee5456e41","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-kgqp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-kgqp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16a1fff4-9a87-5aa4-8a15-211e813ca4c7","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-kgqp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-kgqp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88890409-520c-58f2-8717-edd872218baa","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-qims.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-qims.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe503cb5-cef5-5bfd-aebd-ee1ffbc4ce5d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-qims.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-qims.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9296346e-b7a4-5102-8b6e-e759bdfbe4df","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-qims.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-qims.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bddb8dce-bbf1-51aa-b5c2-326f6b2de38a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-qims.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-qims.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bf10067-bfe9-5f3d-90a8-9c87bacd781f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-imlf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-imlf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb8314a3-5a03-5290-b5f7-9bf5c4202163","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-imlf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-imlf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f520376-576d-5802-b456-cd3e20f130fd","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-xdml.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-xdml.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1f385d4-9c2b-5569-81b2-473c8713150f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-xdml.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-xdml.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48066959-4485-5260-8a08-80b13b247786","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-imlf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-imlf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb98cc8c-7e0c-576c-bc43-321fc4ef1d7d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-imlf.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-imlf.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c9d39c1-fb23-5983-9d89-3a119cb86f79","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-xdml.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-xdml.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--915e4eec-0938-581f-99a6-832bd2f68dd8","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-xdml.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-xdml.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c7e2eab-b47f-57a7-9059-c989c2c181d1","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-xdrm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-xdrm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c9aa056-2108-5432-b750-09ba65bec763","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-xdrm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-xdrm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab080460-2ae4-54fa-99c6-5a96d9fee3e6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-xdrm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-xdrm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ab969f0-639c-521f-bee7-c2810bf3de44","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-xdrm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-xdrm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--010d4842-cfa7-52f4-9c01-aba829002ef0","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-uzbq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-uzbq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3c7e95c-cf4b-5dca-838d-5e901dfa1b87","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-uzbq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-uzbq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d631b55d-9449-5202-8ed1-889fee68fdf8","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-uzbq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-uzbq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e18af3ba-96ed-5b13-82f1-6cdd5c3a8dc5","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-uzbq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-uzbq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c71e53a-e7de-5e51-a9ee-0cdf77977e53","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-vndl.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-vndl.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c559cef9-c671-5f5b-8d3c-a3e0aab7a5c5","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-vndl.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-vndl.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8b1fb9a-dedd-5f01-92ad-860eded53a06","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-vndl.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-vndl.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd5fc45c-cd67-5481-afdf-2599b7052a61","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-vndl.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-vndl.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--004c7fcd-9359-5408-ad4f-86b463bd02f7","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-kcgb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-kcgb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67db3d3c-f45b-5171-8de4-4788f27739d3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-kcgb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-kcgb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bba7a31-9b51-5e03-b432-aee5b73a9829","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"pennsylvania.gov-kcgb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pennsylvania.gov-kcgb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce7e0785-5aeb-51ad-b173-3f081641150b","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://pennsylvania.gov-kcgb.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pennsylvania.gov-kcgb.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0234522-b40f-5509-b485-42c0b8b23bb1","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-kdiy.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-kdiy.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--222b441a-eef0-5efb-acba-b447a4621cd3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-kdiy.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-kdiy.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f592f751-50d9-5aed-998e-af4225191520","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-mczv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-mczv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59479358-989a-586f-84f2-a19b0154de84","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-mczv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-mczv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a6032f3-d74c-5c01-ac2b-321176eb6990","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"louisiana.gov-mczv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'louisiana.gov-mczv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a345eb6d-e98e-5756-9f14-2bafc495c922","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://louisiana.gov-mczv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://louisiana.gov-mczv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63f27674-7d73-5b8d-8c3e-3d85d9ca641c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-zozn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-zozn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4926eeae-add5-5a59-a747-784313272b3e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-zozn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-zozn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0e112c4-99ab-5463-a282-1c55f4c896aa","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"newmexico.gov-zozn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newmexico.gov-zozn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--101f3a52-dafb-5940-a353-f6cef3d8c990","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://newmexico.gov-zozn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newmexico.gov-zozn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb387568-a593-57fc-b84c-4a15fa0fe800","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-fiog.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-fiog.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c18c8570-521d-553f-b336-45c8d0b4a257","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-fiog.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-fiog.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff390175-6b42-5d5f-9720-90cea480a185","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"iowa.gov-fiog.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iowa.gov-fiog.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42345980-4ca4-5ada-8fa8-732ccb02b5e0","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://iowa.gov-fiog.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iowa.gov-fiog.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fd13cc1-d4c7-5b2d-9f07-22d745b54839","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-xivv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-xivv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3be1fb8e-6e26-5da5-a2f6-5bfbeb1ce933","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-xivv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-xivv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bc55131-73bc-5ca4-a8e6-3ad5922fd068","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"michigan.gov-xivv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-xivv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9fc04c9d-0546-5a08-badc-79960ad4e76a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://michigan.gov-xivv.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-xivv.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac2f3dea-c157-5675-bb70-44197fa79cec","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-vvzu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-vvzu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb458543-5cc4-5e06-879a-c6d9589d3405","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-vvzu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-vvzu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed521dd6-1180-5ad9-98dd-48a4dfaafe15","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"idaho.gov-vvzu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'idaho.gov-vvzu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e6b4569-0a6d-51ed-9c48-0d67acde566f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://idaho.gov-vvzu.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://idaho.gov-vvzu.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3146cd82-e68d-5530-831f-6e25b2dfe26f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-lxkc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-lxkc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47f06604-0953-5a29-8497-d1aa719118e6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-lxkc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-lxkc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--890837c3-1550-5e2e-87c5-f593555d1f65","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-lxkc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-lxkc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7cf893a-ac6f-5973-aff5-c9a7b0887fa2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-lxkc.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-lxkc.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dbc91906-4ad5-5799-a2f6-603b8a5d7867","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-dolz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-dolz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2d46b37-77dd-5e13-a9f9-29a08efd970f","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-dolz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-dolz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee84f808-c904-5957-b11c-3b64744f37a3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"arizona.gov-dolz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arizona.gov-dolz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08a9bd4a-08c7-5911-a1a9-5ec873d92ebc","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://arizona.gov-dolz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://arizona.gov-dolz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eda07391-3478-5300-bead-5a96df8a73cd","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-zaun.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-zaun.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47233f3a-a253-54d9-9530-4f9c11af282e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-zaun.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-zaun.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdfff295-4d8a-595e-903d-f6996bd8d2e1","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-mvkz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-mvkz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d8f348c-3e74-5c03-820a-0cc302da1223","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-mvkz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-mvkz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6bc07f6-5096-5967-9d7d-f0ff11908a5e","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-awja.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-awja.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b6f89c1-4044-5d7e-b883-8f72ab844812","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-awja.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-awja.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f00312e7-1a86-5fee-86e8-17de12f250d6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-mgso.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-mgso.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--841d301c-206a-5660-8fd7-7eeb195db4d2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-mgso.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-mgso.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31be6f9e-01a4-597e-82d2-4cb2f6639304","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-frhn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-frhn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3be385f-9695-51ac-8e60-ea5ef1bad7f5","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-frhn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-frhn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4da5fda7-9366-5700-b3c1-060943dc0ffc","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-xznz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-xznz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2dfc630-72c9-59d4-8c38-948f38210337","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-xznz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-xznz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--919f221c-c092-59e8-875a-56c2b4ea5493","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-nugs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-nugs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0aad85bf-10fc-5961-a6db-523b7e34be42","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-nugs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-nugs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--54875953-ae1b-5521-a1f3-3f7ff8b93e27","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-nugs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-nugs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0dd9257-92d7-5a80-8639-64c9c54c2dd3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-nugs.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-nugs.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12da8b8b-ea30-528a-b3e3-d2652fb0a642","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-gkfq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-gkfq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5949d43d-b370-5944-ba21-6a4981cb9dd0","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-gkfq.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-gkfq.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e76c744-e847-5f0a-92cc-08cd9efcbc48","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-edxp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-edxp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--edf135cb-6fe2-52e3-a53a-01e979ee95c9","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-edxp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-edxp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--909a50ed-36c7-51b6-b449-fa4dfb618557","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-cwpr.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-cwpr.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f933f2d6-abec-53d3-a699-096331dbb342","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-cwpr.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-cwpr.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3505e37-c615-593c-bac3-5e856f520135","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-awja.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-awja.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4f37478-b76f-5edc-92d9-33cab04e16cc","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-awja.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-awja.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--acd404ea-7a32-59db-83a0-174e844fe71b","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-frhn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-frhn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17c36f5c-afd1-567c-b732-b038cfdd18fc","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-frhn.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-frhn.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd29d344-d066-504a-99d4-622e2c723f89","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-edxp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-edxp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97547e1c-df37-5e88-b3d8-438a607fc026","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-edxp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-edxp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c33769c-caaa-5f93-8d6f-f11ff44881f9","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-mgso.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-mgso.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4636bfa6-20b4-56bd-87e9-82ff3171a6c2","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-mgso.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-mgso.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec0ba240-5ac6-5340-a111-ba6caddb5980","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-xznz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-xznz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c3d6f07-fd48-596c-8148-c35ecc941ed6","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-xznz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-xznz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b93c67a3-6059-50c4-a161-ef2efb869a3c","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"gov-vfkm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gov-vfkm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ed8bd91-57a9-5890-838d-9e3f8f04423b","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://gov-vfkm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gov-vfkm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bd02a7b-35c8-52a7-9659-379bf6be6085","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-vfkm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-vfkm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d51f5e9-4f36-5be6-8d4f-330fa48185d0","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-vfkm.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-vfkm.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d9b1815-758f-5744-bca0-86c4b468715a","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"florida.gov-kdiy.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'florida.gov-kdiy.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76eaea06-5097-51d1-a594-04181cc6fdf3","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://florida.gov-kdiy.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://florida.gov-kdiy.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--179e392e-ee89-57c0-8394-7803677aca3d","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"http://47.253.139.79","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://47.253.139.79']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4261c429-0f8d-5f5b-bd0d-ed313e90b822","created":"2026-05-03T07:03:00.000Z","modified":"2026-05-03T07:03:00.000Z","valid_from":"2026-05-03T07:03:00.000Z","name":"47.253.139.79","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.253.139.79']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050833514476519917"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c50bf42f-98b5-5dd5-b716-a657df92c4d1","created":"2026-05-03T07:48:00.000Z","modified":"2026-05-03T07:48:00.000Z","valid_from":"2026-05-03T07:48:00.000Z","name":"212.193.3.143","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '212.193.3.143']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050844810118914123"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10dce97b-aef3-5a23-89fc-e4da28dffd2c","created":"2026-05-03T07:48:00.000Z","modified":"2026-05-03T07:48:00.000Z","valid_from":"2026-05-03T07:48:00.000Z","name":"160.187.210.154","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '160.187.210.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2050844810118914123"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf361433-f680-57a3-a005-a5b1998fca4d","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"goolgme.net","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'goolgme.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--152e6544-2e94-53f1-bf81-0257335c4d64","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://goolgme.net","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://goolgme.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e2a1efe-a875-5c0d-be92-e180fbbea749","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"gooomld.top","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gooomld.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fcd8571-ec26-5dfb-8d2c-31fb7e15b2f2","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://gooomld.top","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gooomld.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8715000a-e037-55b3-8330-4fd4575001fe","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"goolmor.cyou","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'goolmor.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c608c51a-082b-5c54-97c8-351a38f95a93","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://goolmor.cyou","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://goolmor.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--726a9126-84d1-5b45-921a-6ed31a3ed16a","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"fgsdol.icu","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fgsdol.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9222af7b-a5d3-5e93-bc6c-d309fa733e4d","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://fgsdol.icu","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fgsdol.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f9c2686-1b75-5c0c-a7a4-f570aa2a58ad","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"vsdnk.top","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vsdnk.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a58ba0b7-361b-5068-93cd-7dc0e611439a","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://vsdnk.top","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vsdnk.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f051b88-dc43-5517-8c71-f158aca96dc0","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"gooomoel.shop","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gooomoel.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--781b2084-4c30-5c6b-87c0-65d2d7d8fd6a","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://gooomoel.shop","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gooomoel.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--59565dc4-f604-5668-ae10-d5242b7acaad","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"gooomoel.icu","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gooomoel.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--62b71f61-db16-5963-b6e4-b484e91b454e","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://gooomoel.icu","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gooomoel.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b16e91f-9e3d-550a-b6a5-6ecb5bf2533a","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"googlehguk.com","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'googlehguk.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--df8f751a-7aa3-55ea-bb00-bc165b2acdb3","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://googlehguk.com","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://googlehguk.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f53d3c7-8a32-534f-b811-2aee3ed8715e","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"googlehfgj.qpon","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'googlehfgj.qpon']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--165ca435-1552-5225-adc1-740fe2729522","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://googlehfgj.qpon","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://googlehfgj.qpon']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dad8c11e-0356-5dce-92e0-9f8134dad99f","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"googlehfgj.cyou","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'googlehfgj.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc7ae5cc-a2d1-5fdb-a903-7c0ef390f721","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://googlehfgj.cyou","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://googlehfgj.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--126f58d4-3c34-57b1-88f2-9136c0b84711","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"googlehfgj.shop","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'googlehfgj.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--82afef71-40bf-584b-a1e4-c87e512f6c91","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://googlehfgj.shop","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://googlehfgj.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5255a94b-95d9-514a-9518-2521e33dfdc1","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"googelm.com","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'googelm.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--92248abb-3be7-5684-99c5-2833cdb563a5","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://googelm.com","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://googelm.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8aedc1a-9b30-5cca-8fbe-34b0d4ec00a2","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"gofjasj.help","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gofjasj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5fe6a25-4c57-5370-ac3c-88aa0bd1cc92","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://gofjasj.help","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gofjasj.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e2fc969-3b6a-50db-8ed8-93cc8138abff","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"dadasf.qpon","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dadasf.qpon']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--99cb89c7-bd3b-5216-b9fc-d3623732f793","created":"2026-05-03T07:51:00.000Z","modified":"2026-05-03T07:51:00.000Z","valid_from":"2026-05-03T07:51:00.000Z","name":"http://dadasf.qpon","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dadasf.qpon']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050845607636721995"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--83a30107-59ca-5301-b01e-977a2c6ea712","created":"2026-05-03T08:01:00.000Z","modified":"2026-05-03T08:01:00.000Z","valid_from":"2026-05-03T08:01:00.000Z","name":"zyisykm.shop","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zyisykm.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050848083182063902"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a070c60-8ca3-59c2-9ebc-67e6f2408831","created":"2026-05-03T08:01:00.000Z","modified":"2026-05-03T08:01:00.000Z","valid_from":"2026-05-03T08:01:00.000Z","name":"https://zyisykm.shop/:man_shrugging","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zyisykm.shop/:man_shrugging']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050848083182063902"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75969bac-8f3b-5c44-90d9-c7d8a8a9544f","created":"2026-05-03T08:01:00.000Z","modified":"2026-05-03T08:01:00.000Z","valid_from":"2026-05-03T08:01:00.000Z","name":"http://xqwmwru.topgovbrk.shop","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xqwmwru.topgovbrk.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050848226442649847"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f9b7a59-08c7-5ea5-a989-72a619dcb28d","created":"2026-05-03T08:01:00.000Z","modified":"2026-05-03T08:01:00.000Z","valid_from":"2026-05-03T08:01:00.000Z","name":"149.104.24.197","description":"IOC reported by @bhttparitosh on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '149.104.24.197']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bhttparitosh/status/2050848226442649847"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab9bab05-1ede-5721-8faf-9e1d2bcdf7e7","created":"2026-05-03T08:56:00.000Z","modified":"2026-05-03T08:56:00.000Z","valid_from":"2026-05-03T08:56:00.000Z","name":"ablaqueate.cfd","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ablaqueate.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2050861937253400913"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3ef7b10-1c6e-5302-ab19-17ef4579805f","created":"2026-05-03T08:56:00.000Z","modified":"2026-05-03T08:56:00.000Z","valid_from":"2026-05-03T08:56:00.000Z","name":"https://ablaqueate.cfd","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ablaqueate.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2050861937253400913"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5fa6de5-7d34-5a07-a84b-24ee18720591","created":"2026-05-03T11:53:00.000Z","modified":"2026-05-03T11:53:00.000Z","valid_from":"2026-05-03T11:53:00.000Z","name":"invoice-inc.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice-inc.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050906481659457697"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5abdce81-68a7-5c63-849a-33e9ed463778","created":"2026-05-03T11:53:00.000Z","modified":"2026-05-03T11:53:00.000Z","valid_from":"2026-05-03T11:53:00.000Z","name":"http://invoice-inc.info/download.html","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice-inc.info/download.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050906481659457697"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22725a83-aa71-5d57-9fee-750647cd40f7","created":"2026-05-03T11:53:00.000Z","modified":"2026-05-03T11:53:00.000Z","valid_from":"2026-05-03T11:53:00.000Z","name":"relyvirtual-accessed.info","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'relyvirtual-accessed.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050906481659457697"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1d9572a-c164-567b-b0bb-da5e750811d4","created":"2026-05-03T11:53:00.000Z","modified":"2026-05-03T11:53:00.000Z","valid_from":"2026-05-03T11:53:00.000Z","name":"http://relyvirtual-accessed.info/dobe/complete.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://relyvirtual-accessed.info/dobe/complete.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050906481659457697"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac4c5aa5-76e2-5d2c-9db2-dfe40b8e3a81","created":"2026-05-03T12:17:00.000Z","modified":"2026-05-03T12:17:00.000Z","valid_from":"2026-05-03T12:17:00.000Z","name":"ledger-desktop.io","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ledger-desktop.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050912749291725230"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--303af57a-f240-5e75-bcad-981d6b7e2844","created":"2026-05-03T12:17:00.000Z","modified":"2026-05-03T12:17:00.000Z","valid_from":"2026-05-03T12:17:00.000Z","name":"https://www.ledger-desktop.io","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.ledger-desktop.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050912749291725230"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfe8908a-c81b-5bfa-b732-b4f36fead409","created":"2026-05-03T13:17:00.000Z","modified":"2026-05-03T13:17:00.000Z","valid_from":"2026-05-03T13:17:00.000Z","name":"southgatelectric.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'southgatelectric.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050927763763388529"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fbefa28e-22ac-578a-bc09-70d2efbad58b","created":"2026-05-03T13:17:00.000Z","modified":"2026-05-03T13:17:00.000Z","valid_from":"2026-05-03T13:17:00.000Z","name":"http://southgatelectric.pages.dev","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://southgatelectric.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050927763763388529"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca8658f2-2918-5f6e-b889-f3628cb0438c","created":"2026-05-03T13:17:00.000Z","modified":"2026-05-03T13:17:00.000Z","valid_from":"2026-05-03T13:17:00.000Z","name":"trinoxbu.com.de","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trinoxbu.com.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050927763763388529"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2b5f866-52d3-58bc-a3e4-ee01df3a0844","created":"2026-05-03T13:17:00.000Z","modified":"2026-05-03T13:17:00.000Z","valid_from":"2026-05-03T13:17:00.000Z","name":"http://trinoxbu.com.de/D3UNS7qTRno/","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trinoxbu.com.de/D3UNS7qTRno/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050927763763388529"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fa55b9f-07f4-5f53-96cf-6907cb5c9a8b","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"asoiwxoin.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'asoiwxoin.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66b17c81-112a-5e7d-aa17-6d0a65bd0917","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://asoiwxoin.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://asoiwxoin.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d902d0b-8631-5741-ae96-cc47877c7701","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"doeiseoivud.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doeiseoivud.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--13f95a55-2981-5325-87da-073b948f8011","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://doeiseoivud.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doeiseoivud.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c3c554e-e410-57e1-bc55-2cb9d99295d1","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"doieunvdusega.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doieunvdusega.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e21522cc-c848-5981-9e26-a960beec1c14","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://doieunvdusega.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doieunvdusega.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57900d67-551b-50f9-83e8-7b8af6af6bbc","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"dooiuonsi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dooiuonsi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce592633-ecf4-5d02-be46-46d98df6241d","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://dooiuonsi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dooiuonsi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--109f78f9-bf0d-50c8-9ab0-d63eacd0fb32","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"32.yateo.rest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '32.yateo.rest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48ba5ddd-ae1a-5926-a32e-8e2147b0d0d0","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://32.yateo.rest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://32.yateo.rest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cbd1b3db-a5d1-594e-8a3b-5da9af8447c8","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"sooiwoins.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sooiwoins.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--434e0a6f-ae88-5a16-85a3-0b3ecbbe57ba","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://sooiwoins.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sooiwoins.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22c88bea-1ad2-5f81-baa0-5aad46cf85c9","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"oiucsoiginao.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'oiucsoiginao.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4097e7c5-e88d-5008-92b4-908336b1cfc7","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://oiucsoiginao.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://oiucsoiginao.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ce95df2-ff43-51bd-bb52-b932f477818b","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"soiuniozi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'soiuniozi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9eec670-491c-54d7-ad26-59c33db34204","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://soiuniozi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://soiuniozi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4191ed21-178b-50ee-a235-f595c206dc8d","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"cisiuowin.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cisiuowin.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2840c8c-a822-53ef-af49-381b5946f73e","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://cisiuowin.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cisiuowin.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e684747-eca5-5698-b7ee-c1b2f45fb9bd","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"eiociuseioni.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eiociuseioni.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--150baf03-0962-58a5-8c3f-3a06a0c209fb","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://eiociuseioni.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eiociuseioni.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--476b8247-cba0-5869-b14d-099166bf7db0","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"sowepcioi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sowepcioi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--191630f6-f0b5-5473-94b2-0878d47a2dfb","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://sowepcioi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sowepcioi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dacdb4e4-abf0-51c5-812f-dc263ceef801","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"edisoiunido.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edisoiunido.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2a791b2-cb30-5615-82d7-5b4bb8d0e5e4","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://edisoiunido.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edisoiunido.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04ea5144-5b45-53b2-8f1f-e195c9a9f7bd","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"iocuseripoiu.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iocuseripoiu.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c5e6a76-2804-5fd3-842e-0df921007c6b","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://iocuseripoiu.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iocuseripoiu.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac77242d-91b9-5c32-a83e-ad6a306ff60f","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"avsoinesoi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'avsoinesoi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--768f0af2-0f55-543c-b81a-44477fa8eec1","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://avsoinesoi.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://avsoinesoi.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c25db5f-8a01-5908-b66a-c2fd3d709990","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"acme-challenge.ms.cdn.dnscloud.contact","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'acme-challenge.ms.cdn.dnscloud.contact']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad640444-c33c-50bd-a32d-546abe6404f1","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://acme-challenge.ms.cdn.dnscloud.contact","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://acme-challenge.ms.cdn.dnscloud.contact']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9bddf39-a325-54a6-9525-2099b48ded1c","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"cagoo.cyou","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cagoo.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91f44cf6-ca94-5a49-9250-ebe6cfd93c58","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://cagoo.cyou","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cagoo.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--382df212-87bd-5af8-a717-ec166bddef67","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"koseg.rest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'koseg.rest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--179b9997-1065-557b-9284-7d046aaddab3","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://koseg.rest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://koseg.rest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eca3cec9-6b67-53f1-93c5-22c4558e8a5b","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"pakig.bond","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pakig.bond']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9106aaaf-a7af-5284-bc01-75d2f5f3e017","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://pakig.bond","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pakig.bond']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b6ecd1e-4d45-5633-9fc2-1e51730ab3a3","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"danwo.cyou","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'danwo.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be89815e-4898-5867-a138-22df5a4b94ed","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://www.danwo.cyou","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://www.danwo.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dbbc938b-070a-5d52-8217-7279adc5e9d1","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://danwo.cyou","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://danwo.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9e147d4-140e-51e2-b3ec-715d1954a665","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"yateo.rest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yateo.rest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b6450b2-8a77-5750-bbed-9b1fc1d780b6","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://yateo.rest","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://yateo.rest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8100cd5d-c923-577a-beb0-c844e67dc5f2","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"mgais.hair","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mgais.hair']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41039de8-8cb2-57a1-a6f2-1e639ef91d8c","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://mgais.hair","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mgais.hair']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c577871c-200c-5289-bb29-b60f7a4195ac","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"http://158.247.244.153","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://158.247.244.153']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d55dee0e-1a0f-5a74-ac6e-2ade8eed1d58","created":"2026-05-03T13:42:00.000Z","modified":"2026-05-03T13:42:00.000Z","valid_from":"2026-05-03T13:42:00.000Z","name":"158.247.244.153","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '158.247.244.153']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050934068489949471"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f81e667-305d-532b-a16b-9e9285a15c33","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"record.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'record.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b488c4f7-9c0a-5b2f-b343-d891526bddf2","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://record.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://record.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f42e4a2c-79f6-5179-aa66-9e13045bca9b","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"check.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'check.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6240d891-42fe-5bc4-a811-714d399278c1","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://check.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://check.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83fe06cd-93d2-567e-828f-48d0b5ec5597","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"inform.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inform.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43dc2764-8a83-5bfe-ac20-70bd1f90be2d","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://inform.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inform.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8332ae33-c058-5401-be7f-258a9a81a080","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"read.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52fd4431-c3fb-5ba3-a31a-b6f417f521a3","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://read.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fa1e596-62d9-5917-86bf-277b52a22e53","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"portal.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'portal.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aabd3680-de73-59bb-8f84-8ee11b912c84","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://portal.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://portal.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01c498ff-24b6-52da-8c08-3976b5c85340","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"notice.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'notice.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fab856cb-51be-5e43-a926-2b27d5f4a4c3","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://notice.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://notice.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fc4747f-e63a-5c1a-91fb-e7f5cbf95909","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"service.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'service.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--434a2cca-8fec-573b-95fc-94d5ff027265","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://service.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://service.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1af035a0-2d0f-5196-87a4-d633cc4d92bd","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"system.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'system.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--671ed8af-f30b-566a-b1b7-2d35c94f3c96","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://system.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://system.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3df8c613-a96c-59e7-93c1-fae89eec8a43","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"view.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'view.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4982857b-2865-5038-89dc-44e46ce48c67","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://view.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://view.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7021e593-7820-5086-b520-46ffa4d79935","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8e83659-ed28-54b6-a0f7-9953648ca6ff","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa91e530-4711-5720-ba3d-d7c90e14f28f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"document.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'document.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8e868d9-ff4f-5523-ab7b-8b7777be78d8","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://document.my-kics-info.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://document.my-kics-info.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--befcd608-df87-5f70-b7ca-8b8f9d49e15c","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"dynazdom.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dynazdom.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8bd92b3-d60e-5a88-91cf-74716a091ff8","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://dynazdom.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dynazdom.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3552d39e-3f3f-54a7-b1d7-496be90576c7","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2ee9d77-e369-54f4-a405-6a854db3f582","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a752eda9-0fa5-5430-8293-ec7821639b93","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"user.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'user.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--743b61ff-63fc-5654-96d2-78c553a32937","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://user.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://user.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab588b58-8f46-569d-8112-0c75a57118ee","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"esimdgit1.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'esimdgit1.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--daac236c-9787-578c-9b27-89f7847c5a85","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://esimdgit1.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://esimdgit1.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fcce61f-b1d7-589d-9224-ec339a98334f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"dtickaree.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dtickaree.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3108683-4187-5a6c-af61-6771a9179e1e","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://dtickaree.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dtickaree.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0f9d088-c280-5154-96f6-0c177e5c2d09","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"dso9asops.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dso9asops.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4be73ef9-c82c-5f48-bafc-bbb4e061d850","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://dso9asops.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dso9asops.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6b28e52-3007-515e-8c28-254974a9f9bf","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"djeufjguej98.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'djeufjguej98.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f9813d9-67d2-573a-aa0a-bdae65f66c94","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://djeufjguej98.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://djeufjguej98.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b9a1543-bad4-5353-8d5e-0510cd45f020","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"tyfdj3eu.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tyfdj3eu.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05adbb6b-5b00-5e31-bcf1-168c81bb1a1f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://tyfdj3eu.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tyfdj3eu.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d61e36ab-c532-5816-83ea-a80dd5cf5423","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"edn8uo7z.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edn8uo7z.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d95e63a6-4bdb-5bf0-9962-4860ee9d1ec0","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://edn8uo7z.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edn8uo7z.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a12571b-936f-5a78-82f6-b5d5f0386e43","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"dsolanosi.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsolanosi.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fdfaa36a-236c-50cc-9ef6-7e95b2cb6ec9","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://dsolanosi.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dsolanosi.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27d66e80-74eb-5dc7-b398-353e365e3219","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"daurora.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'daurora.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17ba691d-3592-53ea-9a75-54de00401c6f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://daurora.skyhighinfo.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://daurora.skyhighinfo.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccb3253e-570f-5d10-8b22-600e1e7fe604","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"control.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'control.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5081516b-408c-5ca0-b149-8b229468122e","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://control.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://control.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d1fe55a-5b73-5643-ae1a-0ff0f96126de","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"address.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'address.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d43bd8eb-1bf1-52f0-9fac-7bbdb0db7081","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://address.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://address.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1641e16c-d4b2-5fed-a45f-f66309af7bb6","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"tech.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tech.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--003a19a0-da48-56f1-b822-c643057c1107","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://tech.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tech.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d1bdca9-de62-5c9a-9482-31793f1b1e1e","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"user.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'user.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f229057-cc24-5269-8ac0-856acedcbb58","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://user.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://user.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d890af3-9584-5612-baaf-8991f5744f05","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"deliver.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'deliver.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d4b5abf-a976-5d30-b1f1-1336908ff323","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://deliver.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://deliver.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cda086c4-897e-582e-85ec-1b5bfb00cd9a","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"next.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'next.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c15b75cb-a48a-5db9-b272-0ccafb0fbe6a","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://next.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://next.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfd35865-feca-5594-bca2-950a0b40cc9f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"mfa.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mfa.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9950c67b-c12a-5ceb-8584-818214f2da8a","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://mfa.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mfa.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bc16b54-8470-5ef4-b879-4c31a9476166","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"confirm.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'confirm.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c68d530-9a1a-59dc-8621-0b637f167d9a","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://confirm.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://confirm.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0f0e059-39ed-5d46-8e71-1134d7fc6887","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"clear.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'clear.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35162c82-764c-5df0-83c6-293da3dfb64b","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://clear.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://clear.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a13c8b2-9435-5e10-9ed7-f33c36f2863e","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"call.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'call.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d3e4667-5388-5056-b767-a72f24344c53","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://call.review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://call.review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75b8b0c7-1cae-5f50-814f-fd7544858842","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e07e2e9f-776c-5a54-b544-84585104ae6c","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://review-order-check.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://review-order-check.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae467d7f-5d18-5e6b-9b90-bdf21d8940e2","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"cdn-verifying.homes","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cdn-verifying.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8371213f-4f7c-5517-b185-6a22a84a7970","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://cdn-verifying.homes","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cdn-verifying.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02b3c282-1711-594a-8381-3e556dcc885b","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"digital-post.live","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'digital-post.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8c8e4c7-0958-51a2-8e4a-0d8727aae632","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://digital-post.live","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://digital-post.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dee1ba6b-ccfb-5f00-a036-0759928e22f8","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"paperless-korea.one","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paperless-korea.one']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--327317bb-b0c8-5fce-81d3-6fa33c844136","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://paperless-korea.one","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://paperless-korea.one']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b22ce89d-dc71-5581-a700-b2ca6984550a","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"smart-bill-korea.cyou","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'smart-bill-korea.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9c4b29f-2c0b-56f5-8352-c8df22fef2f4","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://smart-bill-korea.cyou","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://smart-bill-korea.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47c59f10-3ad9-5f43-8934-d8c377033033","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"confirm-url.makeup","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'confirm-url.makeup']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5dfdd14-c1dd-5a5a-81af-c10e447d02a3","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://confirm-url.makeup","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://confirm-url.makeup']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e1355f9-9378-5c35-a8b3-0f65f4d5a072","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"official-notice.click","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'official-notice.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9141ba24-4428-5364-b229-f70c415704f8","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://official-notice.click","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://official-notice.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c2f6f0b-da2b-5839-b818-5435078ea3cd","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"wuifkjadl328-37djhldakjhvk23-vkjetlkj96dafljk28.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wuifkjadl328-37djhldakjhvk23-vkjetlkj96dafljk28.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3abdc0a3-a73a-578c-8b48-dc852d74320f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://wuifkjadl328-37djhldakjhvk23-vkjetlkj96dafljk28.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wuifkjadl328-37djhldakjhvk23-vkjetlkj96dafljk28.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9de0b774-6f81-5f87-8edd-f88daa674d54","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"mail.jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mail.jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3d066a0-50a1-5005-93b2-dfcb4650bfdc","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://mail.jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mail.jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--87c88591-6f41-55c8-b34f-1418ce039e3f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"dkr178sdk-13sd9kq-zmeaojk123.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dkr178sdk-13sd9kq-zmeaojk123.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1ecced4-a052-57fe-9b1e-95b635863443","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://dkr178sdk-13sd9kq-zmeaojk123.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dkr178sdk-13sd9kq-zmeaojk123.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e401cbec-c2af-55f5-a0e9-a961d1967e76","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"2o3sahfoq782lweshf.238salksdas-qlaksdhf1938-zxckva124cvarq.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '2o3sahfoq782lweshf.238salksdas-qlaksdhf1938-zxckva124cvarq.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8953ec9-c4f0-5421-8cad-072619929afd","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://2o3sahfoq782lweshf.238salksdas-qlaksdhf1938-zxckva124cvarq.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://2o3sahfoq782lweshf.238salksdas-qlaksdhf1938-zxckva124cvarq.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e3b067d-cee5-5c82-a8bf-3e904223485e","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--180e0332-18fc-5fda-9d22-56b939d84ced","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jahsdlqw23oljsfou-cklvjqawer17841jxvla-132948asdkjfqlwery.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10f2fca5-a752-5b8a-b919-fe077b139b74","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"238salksdas-qlaksdhf1938-zxckva124cvarq.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '238salksdas-qlaksdhf1938-zxckva124cvarq.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0f22592-2ddc-5dc0-9ffe-ef520d2f688c","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://238salksdas-qlaksdhf1938-zxckva124cvarq.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://238salksdas-qlaksdhf1938-zxckva124cvarq.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7d55b75-872e-5833-8bb7-f0b1ca437098","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"sl381o8vcqad-23ouvzl2934511-cvqwecvjkaw38as.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sl381o8vcqad-23ouvzl2934511-cvqwecvjkaw38as.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0732878-2b7a-5994-8dfe-99f39ae161f8","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://sl381o8vcqad-23ouvzl2934511-cvqwecvjkaw38as.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sl381o8vcqad-23ouvzl2934511-cvqwecvjkaw38as.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--950466f6-d9f3-5360-b4ba-3d5dd2d7938f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"nbai23-aba-3251c-3a12.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nbai23-aba-3251c-3a12.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--808e06da-21e1-5d25-9786-5de616283bed","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://nbai23-aba-3251c-3a12.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nbai23-aba-3251c-3a12.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f6f694e-21c8-5049-b38b-7ab48449daf8","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"78y123hosa7ydfl-kjshalkjh12378y1-xzxvql3oilq81o8u1.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '78y123hosa7ydfl-kjshalkjh12378y1-xzxvql3oilq81o8u1.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c02c55c-029d-58bf-831d-9ec678a7ed92","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://78y123hosa7ydfl-kjshalkjh12378y1-xzxvql3oilq81o8u1.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://78y123hosa7ydfl-kjshalkjh12378y1-xzxvql3oilq81o8u1.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb9d872a-93c3-5b83-91d6-637b502533a0","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"naveruserlogininfo.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'naveruserlogininfo.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dad11f11-f26d-509c-927a-900c632ba54d","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://naveruserlogininfo.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://naveruserlogininfo.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e64343bd-6f7f-55f5-b3c6-75fcc4e61c65","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"bas098-absbd98basdb-dsbas.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bas098-absbd98basdb-dsbas.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c8daee1-90d1-577a-83b0-ec2bd5223c4c","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://bas098-absbd98basdb-dsbas.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bas098-absbd98basdb-dsbas.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47f28594-1a50-5957-92f2-f59021cb8cdd","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"naversecure.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'naversecure.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--006f43c7-691f-56a1-af50-8dc28cd80d26","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://naversecure.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://naversecure.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c267bd23-8376-5b54-8d19-f5777ca04123","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"nidnaver.online","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidnaver.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44170a91-0336-56cb-a4e5-2fcc71b0207b","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://nidnaver.online","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidnaver.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d97c1e8c-a977-5464-bf70-f7d54c10aa2f","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"nidnaverinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidnaverinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de589e02-0cee-5924-87b2-585c68aaf7f9","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://nidnaverinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidnaverinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4a1e6dd-48ed-527d-9102-1aed237e761c","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"nid-naverauth.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-naverauth.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4eb4cc18-674d-50d7-b85b-9ec483093ea9","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://nid-naverauth.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-naverauth.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9589d490-6f67-5e7f-aaf2-743d2ad177e9","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"http://27.102.138.108","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.138.108']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41c7799f-2ff4-5152-9cec-1d59da98e8a1","created":"2026-05-03T13:51:00.000Z","modified":"2026-05-03T13:51:00.000Z","valid_from":"2026-05-03T13:51:00.000Z","name":"27.102.138.108","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.138.108']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050936246638109037"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f8cc567-ad8b-57b6-86f3-a33823eb78b0","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"441929450c2er.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '441929450c2er.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c427a81-65ae-5714-9c28-904c6905ebfa","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://441929450c2er.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://441929450c2er.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1acca91a-36ca-5204-92f2-43a6ef022373","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"96ad0e.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '96ad0e.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bff8d1a2-c2cf-5da2-9012-22173d0b1401","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://96ad0e.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://96ad0e.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b95aad3c-1014-56d8-9eb3-245aa89a0db3","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"c95296a.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'c95296a.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e4bbdd2-9338-557e-9c31-b134cb8ce7f8","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://c95296a.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://c95296a.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84899a41-f2d2-5638-b183-f7091c89a009","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"00a7c185.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '00a7c185.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9b20961-d731-5b00-a945-f9e61ff9e1d0","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://00a7c185.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://00a7c185.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02efeeff-36c7-5282-aa69-76c950f2d5e6","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"8c4a551a.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '8c4a551a.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be68b18a-439d-5abd-8024-26e043482b8a","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://8c4a551a.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8c4a551a.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af7782e4-8174-5174-b517-a3c52e259cc0","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"chill192bbc5.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chill192bbc5.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0dc150fa-8874-5c13-aadd-ecd2252be6ec","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://chill192bbc5.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chill192bbc5.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e87cc04-f2e6-5fc3-9893-1d2d2203ae49","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"65af02748d.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '65af02748d.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df6dc46c-0cb1-528c-b73a-276d75efe601","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://65af02748d.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://65af02748d.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--778b29dd-d5c1-5595-ba18-82899dd34b6b","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"devomni.kopostinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'devomni.kopostinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--212a3306-ca56-511d-be7a-51f5290e6e23","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://devomni.kopostinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://devomni.kopostinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ecf1173-1e7d-5db7-8cb4-58b642799324","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"cisgen.kopostinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cisgen.kopostinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f3e9579-ac61-5532-abd3-54a548baf45c","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://cisgen.kopostinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cisgen.kopostinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e088c9b-96be-5311-a655-efcfecccbabd","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"s1rsvhzap9huozkc.d9nothjedlights.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 's1rsvhzap9huozkc.d9nothjedlights.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1de6c073-d37c-50e3-ae94-93c878add34d","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://s1rsvhzap9huozkc.d9nothjedlights.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://s1rsvhzap9huozkc.d9nothjedlights.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4fff628-f638-5e53-8fc5-9f99e1dd07ef","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"8e9-721293i-c1efdd26i-0aa5.d9nothjedlights.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '8e9-721293i-c1efdd26i-0aa5.d9nothjedlights.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffd36247-b0c6-5abf-9095-245af916dd7b","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://8e9-721293i-c1efdd26i-0aa5.d9nothjedlights.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8e9-721293i-c1efdd26i-0aa5.d9nothjedlights.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de1b1788-6ab1-5e27-b97b-2c69c6bc6170","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"8e9-721293i-c1efdd26i-0aa5.kopostinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '8e9-721293i-c1efdd26i-0aa5.kopostinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac925ded-5b47-5a4c-8e88-03a92d08e070","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://8e9-721293i-c1efdd26i-0aa5.kopostinfo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8e9-721293i-c1efdd26i-0aa5.kopostinfo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07d59ac5-a16e-5788-a212-31fc730b5000","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"8e9-721293i-c1efdd26i-0aa5.cpost-ko.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '8e9-721293i-c1efdd26i-0aa5.cpost-ko.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0895130c-8b1c-527e-a2d9-38e05dd68321","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://8e9-721293i-c1efdd26i-0aa5.cpost-ko.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8e9-721293i-c1efdd26i-0aa5.cpost-ko.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1323b07-e853-59c1-b01e-c48944c9bcb9","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"cpost-ko.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cpost-ko.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--855d902e-7181-5725-bb87-ebda7d8768fe","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://cpost-ko.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cpost-ko.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e15c215f-5044-54d5-8fe8-443bbf00f3e9","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"navercorp.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navercorp.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47bc5144-3906-5770-b7d4-f51e45b3e392","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://navercorp.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navercorp.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e097ea28-20f0-5e79-ac03-80cfc3aa401b","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://27.102.137.122","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.122']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e250b2e6-9d1c-5cea-b82f-c7db996ac77f","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"naaverrr.com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'naaverrr.com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd437a24-39f0-5d60-b1fa-888cc79adc4c","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://naaverrr.com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://naaverrr.com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f216a0dc-8866-591e-8e93-38ddddb1dedf","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98bf5a20-9c47-5a4e-b920-98bc0dadb274","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0f682cb-5bd0-57bf-87fd-52e2d530f027","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"naverrr.com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'naverrr.com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35d8a06e-d15f-57f8-82cc-83ffc11542f7","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://naverrr.com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://naverrr.com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21137276-a9b9-5766-b08d-613345a7520b","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"naverr.com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'naverr.com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99a10917-2749-54df-871b-9f6062135eed","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://naverr.com.12-ko-official.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://naverr.com.12-ko-official.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b4df235-86af-5354-ab94-265c3bfa1907","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"login-co-kr.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login-co-kr.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01887c78-5791-5057-a4bf-5ad54573444b","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://login-co-kr.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://login-co-kr.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02b67355-c4a0-54d4-b6ba-15959ae31bd3","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"http://27.102.137.207","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.207']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15f6bc0c-7948-51fb-b725-9ac3e783924c","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"27.102.137.122","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.122']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fe7af92-7662-57ef-9f56-f33cbb7a4f78","created":"2026-05-03T13:57:00.000Z","modified":"2026-05-03T13:57:00.000Z","valid_from":"2026-05-03T13:57:00.000Z","name":"27.102.137.207","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.207']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050937729416827256"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61eb848f-9427-5533-9496-f267cbfd2437","created":"2026-05-03T14:08:00.000Z","modified":"2026-05-03T14:08:00.000Z","valid_from":"2026-05-03T14:08:00.000Z","name":"e78f511a5e7c09ddb7d146890365c8b7","description":"IOC reported by @ReBensk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'e78f511a5e7c09ddb7d146890365c8b7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ReBensk/status/2050940657267822603"}],"labels":["Android","Trojan","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4e7cb8e-1720-5240-b8a9-b458ee65724a","created":"2026-05-03T14:08:00.000Z","modified":"2026-05-03T14:08:00.000Z","valid_from":"2026-05-03T14:08:00.000Z","name":"navercom.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navercom.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050940503986761992"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e229a254-9a5e-53bd-a7ad-1a182f100187","created":"2026-05-03T14:08:00.000Z","modified":"2026-05-03T14:08:00.000Z","valid_from":"2026-05-03T14:08:00.000Z","name":"http://navercom.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navercom.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050940503986761992"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--130c336c-c5f6-5452-8bad-27109abde072","created":"2026-05-03T14:08:00.000Z","modified":"2026-05-03T14:08:00.000Z","valid_from":"2026-05-03T14:08:00.000Z","name":"http://125.178.110.74","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://125.178.110.74']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050940503986761992"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71755d5f-4f9b-5b3a-82ec-6ded9aacff1e","created":"2026-05-03T14:08:00.000Z","modified":"2026-05-03T14:08:00.000Z","valid_from":"2026-05-03T14:08:00.000Z","name":"125.178.110.74","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '125.178.110.74']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050940503986761992"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67b8d411-f079-5639-8856-dcfccf3205a5","created":"2026-05-03T16:36:00.000Z","modified":"2026-05-03T16:36:00.000Z","valid_from":"2026-05-03T16:36:00.000Z","name":"http://manager.credits-center.com","description":"IOC reported by @puigdemunt on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://manager.credits-center.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/puigdemunt/status/2050977749875974348"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf7c95e1-9fe5-57cb-ba7e-b0b6269d64b7","created":"2026-05-03T17:41:00.000Z","modified":"2026-05-03T17:41:00.000Z","valid_from":"2026-05-03T17:41:00.000Z","name":"transitionquebec.pages.dev","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'transitionquebec.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2050994155011072291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d74cfa48-0b98-5b33-ab20-5f44a2031d99","created":"2026-05-03T17:41:00.000Z","modified":"2026-05-03T17:41:00.000Z","valid_from":"2026-05-03T17:41:00.000Z","name":"http://transitionquebec.pages.dev","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://transitionquebec.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2050994155011072291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--71bc432e-09ef-500b-b8a8-9d94775e8c9d","created":"2026-05-03T17:41:00.000Z","modified":"2026-05-03T17:41:00.000Z","valid_from":"2026-05-03T17:41:00.000Z","name":"bcs-kc.pages.dev","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bcs-kc.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2050994155011072291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7df8a139-9346-5142-b9a4-872c2096190b","created":"2026-05-03T17:41:00.000Z","modified":"2026-05-03T17:41:00.000Z","valid_from":"2026-05-03T17:41:00.000Z","name":"harbourcityconstruction.pages.dev","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'harbourcityconstruction.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2050994155011072291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--17812741-db59-568c-aefa-337947f916e7","created":"2026-05-03T17:41:00.000Z","modified":"2026-05-03T17:41:00.000Z","valid_from":"2026-05-03T17:41:00.000Z","name":"http://harbourcityconstruction.pages.dev","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://harbourcityconstruction.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2050994155011072291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1556b429-1214-5f4a-bb8f-2b4a2c537bf9","created":"2026-05-03T17:41:00.000Z","modified":"2026-05-03T17:41:00.000Z","valid_from":"2026-05-03T17:41:00.000Z","name":"http://loio.pages.dev","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://loio.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2050994155011072291"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--95557d26-3666-541f-81a4-e293d3214cec","created":"2026-05-03T17:48:00.000Z","modified":"2026-05-03T17:48:00.000Z","valid_from":"2026-05-03T17:48:00.000Z","name":"http://hwea.trueappstackview.click","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hwea.trueappstackview.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050996014426054919"}],"labels":["ClickFix","malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3181d91-c66a-5323-aae9-8cb4e00225ee","created":"2026-05-03T17:48:00.000Z","modified":"2026-05-03T17:48:00.000Z","valid_from":"2026-05-03T17:48:00.000Z","name":"tastevolume.monster","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tastevolume.monster']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050996014426054919"}],"labels":["ClickFix","malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86537be8-f613-5011-a13c-a054c98361c7","created":"2026-05-03T17:48:00.000Z","modified":"2026-05-03T17:48:00.000Z","valid_from":"2026-05-03T17:48:00.000Z","name":"http://tastevolume.monster/api/index.php?a=dl&token=","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tastevolume.monster/api/index.php?a=dl&token=']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2050996014426054919"}],"labels":["ClickFix","malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7d2c754-0bbe-5d14-a654-ef4f99734d5f","created":"2026-05-03T18:03:00.000Z","modified":"2026-05-03T18:03:00.000Z","valid_from":"2026-05-03T18:03:00.000Z","name":"http://45.61.136.27","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.61.136.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050999701390938280"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4b87197-6ae8-5ab3-bb7b-b9bcd718c159","created":"2026-05-03T18:03:00.000Z","modified":"2026-05-03T18:03:00.000Z","valid_from":"2026-05-03T18:03:00.000Z","name":"reggyupdated.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'reggyupdated.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050999701390938280"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d075235-43bd-5254-81fc-0173a24fa5a8","created":"2026-05-03T18:03:00.000Z","modified":"2026-05-03T18:03:00.000Z","valid_from":"2026-05-03T18:03:00.000Z","name":"http://reggyupdated.info","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://reggyupdated.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050999701390938280"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e344af1-c2fe-5b5a-b076-4ccd28da4146","created":"2026-05-03T18:03:00.000Z","modified":"2026-05-03T18:03:00.000Z","valid_from":"2026-05-03T18:03:00.000Z","name":"45.61.136.27","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.61.136.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050999701390938280"}],"labels":["APT","C2","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8b4a8b4-53c5-5d3b-aaa3-4d43e962f13b","created":"2026-05-03T18:32:00.000Z","modified":"2026-05-03T18:32:00.000Z","valid_from":"2026-05-03T18:32:00.000Z","name":"62.146.170.158","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '62.146.170.158']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051006916260680070"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18aa4d67-36ff-5632-90cd-265c09035933","created":"2026-05-03T18:55:00.000Z","modified":"2026-05-03T18:55:00.000Z","valid_from":"2026-05-03T18:55:00.000Z","name":"manager.credits-center.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'manager.credits-center.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051012700851916918"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67b8d411-f079-5639-8856-dcfccf3205a5","created":"2026-05-03T18:55:00.000Z","modified":"2026-05-03T18:55:00.000Z","valid_from":"2026-05-03T18:55:00.000Z","name":"http://manager.credits-center.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://manager.credits-center.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051012700851916918"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--372c2f42-6208-5f36-9039-0a29d6d84d0e","created":"2026-05-03T19:00:00.000Z","modified":"2026-05-03T19:00:00.000Z","valid_from":"2026-05-03T19:00:00.000Z","name":"newmailverifiedapps.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newmailverifiedapps.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051014148503249396"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1dea4af7-c239-5ffe-917d-58cfe295ea4e","created":"2026-05-03T19:00:00.000Z","modified":"2026-05-03T19:00:00.000Z","valid_from":"2026-05-03T19:00:00.000Z","name":"https://newmailverifiedapps.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://newmailverifiedapps.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051014148503249396"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eedaebf9-1a8b-5427-aa8c-cb4a712d022a","created":"2026-05-03T19:12:00.000Z","modified":"2026-05-03T19:12:00.000Z","valid_from":"2026-05-03T19:12:00.000Z","name":"http://104.145.210.148:8041","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.145.210.148:8041']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051017100173377697"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f269559-6520-5340-87e8-775ddb0a7add","created":"2026-05-03T19:12:00.000Z","modified":"2026-05-03T19:12:00.000Z","valid_from":"2026-05-03T19:12:00.000Z","name":"104.145.210.148","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.145.210.148']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051017100173377697"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--27767d7b-8fc3-5ed0-86f1-4dc47fc3db69","created":"2026-05-03T19:29:00.000Z","modified":"2026-05-03T19:29:00.000Z","valid_from":"2026-05-03T19:29:00.000Z","name":"47.84.73.64","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.84.73.64']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051021314865938781"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f590c12f-0839-5c89-8ce9-334c52cb17be","created":"2026-05-03T20:00:00.000Z","modified":"2026-05-03T20:00:00.000Z","valid_from":"2026-05-03T20:00:00.000Z","name":"tryjhytyjctfhdrxtse46ysxfgjxfyjfyjxdthtrterrthfhhhfff.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tryjhytyjctfhdrxtse46ysxfgjxfyjfyjxdthtrterrthfhhhfff.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051029065692303414"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98b461b3-bd4e-597a-8c73-167a439345eb","created":"2026-05-03T20:00:00.000Z","modified":"2026-05-03T20:00:00.000Z","valid_from":"2026-05-03T20:00:00.000Z","name":"https://tryjhytyjctfhdrxtse46ysxfgjxfyjfyjxdthtrterrthfhhhfff.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tryjhytyjctfhdrxtse46ysxfgjxfyjfyjxdthtrterrthfhhhfff.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051029065692303414"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bd4aad5-4e28-50a9-943c-690c71da0a64","created":"2026-05-03T22:00:00.000Z","modified":"2026-05-03T22:00:00.000Z","valid_from":"2026-05-03T22:00:00.000Z","name":"timcard25.airmiles.ca","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'timcard25.airmiles.ca']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051059255222964247"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d09a36c-2053-56ab-8d22-650382471b5b","created":"2026-05-03T22:00:00.000Z","modified":"2026-05-03T22:00:00.000Z","valid_from":"2026-05-03T22:00:00.000Z","name":"https://timcard25.airmiles.ca","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://timcard25.airmiles.ca']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051059255222964247"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0960f050-52b5-545b-8cc6-00ce0e657a5f","created":"2026-05-03T22:19:00.000Z","modified":"2026-05-03T22:19:00.000Z","valid_from":"2026-05-03T22:19:00.000Z","name":"111.229.112.67","description":"IOC reported by @G60930953 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '111.229.112.67']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/G60930953/status/2051064092467556600"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed13d305-0d6c-59da-a0f6-7ecf03ba6a62","created":"2026-05-04T00:00:00.000Z","modified":"2026-05-04T00:00:00.000Z","valid_from":"2026-05-04T00:00:00.000Z","name":"gfhfhfjf.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gfhfhfjf.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051089487615197607"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--430833ef-5ab9-55af-a797-ae4ab967374b","created":"2026-05-04T00:00:00.000Z","modified":"2026-05-04T00:00:00.000Z","valid_from":"2026-05-04T00:00:00.000Z","name":"https://gfhfhfjf.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gfhfhfjf.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051089487615197607"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1a4d442-a915-5a8c-978b-f6dd68254735","created":"2026-05-04T00:15:00.000Z","modified":"2026-05-04T00:15:00.000Z","valid_from":"2026-05-04T00:15:00.000Z","name":"flowcode.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'flowcode.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051093423684268238"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2a9a46b-d67d-57ba-ae51-403574caad0d","created":"2026-05-04T00:15:00.000Z","modified":"2026-05-04T00:15:00.000Z","valid_from":"2026-05-04T00:15:00.000Z","name":"https://flowcode.com/p/e8ouZT0yRY","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://flowcode.com/p/e8ouZT0yRY']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051093423684268238"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f9b8a91-105e-5309-a071-6425b8d405c1","created":"2026-05-04T02:00:00.000Z","modified":"2026-05-04T02:00:00.000Z","valid_from":"2026-05-04T02:00:00.000Z","name":"https://storage.cloud.google.com/indettn/pdflmanco.html","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://storage.cloud.google.com/indettn/pdflmanco.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051119652357500941"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8d2d485-e5bf-50ce-b943-7cf896f328e9","created":"2026-05-04T02:13:00.000Z","modified":"2026-05-04T02:13:00.000Z","valid_from":"2026-05-04T02:13:00.000Z","name":"q8w2e6r1t9y3u7i4o0p5a2s80uo3uw-pq03wtbdy8.edgeone.app","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'q8w2e6r1t9y3u7i4o0p5a2s80uo3uw-pq03wtbdy8.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051122901374677170"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ab2bf21-98f7-5400-bf32-6118fd676824","created":"2026-05-04T02:13:00.000Z","modified":"2026-05-04T02:13:00.000Z","valid_from":"2026-05-04T02:13:00.000Z","name":"https://q8w2e6r1t9y3u7i4o0p5a2s80uo3uw-pq03wtbdy8.edgeone.app","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://q8w2e6r1t9y3u7i4o0p5a2s80uo3uw-pq03wtbdy8.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051122901374677170"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6072c5dd-a81d-50f0-ba33-be787d7493fe","created":"2026-05-04T02:13:00.000Z","modified":"2026-05-04T02:13:00.000Z","valid_from":"2026-05-04T02:13:00.000Z","name":"z5x2c9v1b7n3m8k4j0h6g2f1u0l1-ahbkz5cnlt.edgeone.app","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'z5x2c9v1b7n3m8k4j0h6g2f1u0l1-ahbkz5cnlt.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051122901374677170"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c3c455e-69af-5365-b5a9-d16268c9470d","created":"2026-05-04T02:13:00.000Z","modified":"2026-05-04T02:13:00.000Z","valid_from":"2026-05-04T02:13:00.000Z","name":"https://z5x2c9v1b7n3m8k4j0h6g2f1u0l1-ahbkz5cnlt.edgeone.app","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://z5x2c9v1b7n3m8k4j0h6g2f1u0l1-ahbkz5cnlt.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051122901374677170"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86ec3fbc-44f1-5950-a3b5-09ecb30be426","created":"2026-05-04T03:23:00.000Z","modified":"2026-05-04T03:23:00.000Z","valid_from":"2026-05-04T03:23:00.000Z","name":"ceadelhi.in","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ceadelhi.in']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051140637186232355"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--555a7e2c-ba7d-5431-a86a-e87a82c6e965","created":"2026-05-04T03:23:00.000Z","modified":"2026-05-04T03:23:00.000Z","valid_from":"2026-05-04T03:23:00.000Z","name":"https://ceadelhi.in/fr","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ceadelhi.in/fr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051140637186232355"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca87f6bc-fd6f-5cf7-b825-a6cdbba35aed","created":"2026-05-04T03:23:00.000Z","modified":"2026-05-04T03:23:00.000Z","valid_from":"2026-05-04T03:23:00.000Z","name":"http://ceadelhi.in","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ceadelhi.in']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051140637186232355"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e981bf42-316e-547a-a5e3-e37a03202486","created":"2026-05-04T03:23:00.000Z","modified":"2026-05-04T03:23:00.000Z","valid_from":"2026-05-04T03:23:00.000Z","name":"http://193.29.56.122","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.29.56.122']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051140637186232355"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--668422fc-463c-55c0-a7cf-ad06cc54180b","created":"2026-05-04T03:23:00.000Z","modified":"2026-05-04T03:23:00.000Z","valid_from":"2026-05-04T03:23:00.000Z","name":"193.29.56.122","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.29.56.122']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051140637186232355"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d02bbc65-4b0c-5bb8-b79f-170863d72edc","created":"2026-05-04T03:23:00.000Z","modified":"2026-05-04T03:23:00.000Z","valid_from":"2026-05-04T03:23:00.000Z","name":"192.52.167.193","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.52.167.193']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051140637186232355"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c53c8652-6a7f-5258-9f01-88bc7a107c9f","created":"2026-05-04T03:23:00.000Z","modified":"2026-05-04T03:23:00.000Z","valid_from":"2026-05-04T03:23:00.000Z","name":"5eda8a31ff0905e4868f84b3f1e315a2","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '5eda8a31ff0905e4868f84b3f1e315a2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051140637186232355"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93b651fc-71ac-52da-8859-8c6a00170fd4","created":"2026-05-04T04:00:00.000Z","modified":"2026-05-04T04:00:00.000Z","valid_from":"2026-05-04T04:00:00.000Z","name":"wweebbbddeee.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wweebbbddeee.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051149870468104231"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0dd85f73-6542-5cdc-b772-018a677cf4c8","created":"2026-05-04T04:00:00.000Z","modified":"2026-05-04T04:00:00.000Z","valid_from":"2026-05-04T04:00:00.000Z","name":"https://wweebbbddeee.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wweebbbddeee.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051149870468104231"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed4b0a9f-50be-5514-b6c0-ed00e97b13e4","created":"2026-05-04T06:00:00.000Z","modified":"2026-05-04T06:00:00.000Z","valid_from":"2026-05-04T06:00:00.000Z","name":"archjoinerry.wixsite.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'archjoinerry.wixsite.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051180058094473520"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f364fd1-e46e-57ab-a05d-7f2f70b269bd","created":"2026-05-04T06:00:00.000Z","modified":"2026-05-04T06:00:00.000Z","valid_from":"2026-05-04T06:00:00.000Z","name":"https://archjoinerry.wixsite.com/my-site-1","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://archjoinerry.wixsite.com/my-site-1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051180058094473520"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--046fa362-ba6e-52d9-bdd2-b0203cf53bca","created":"2026-05-04T06:34:00.000Z","modified":"2026-05-04T06:34:00.000Z","valid_from":"2026-05-04T06:34:00.000Z","name":"http://111.229.112.67:8443","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://111.229.112.67:8443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051188793701519870"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0960f050-52b5-545b-8cc6-00ce0e657a5f","created":"2026-05-04T06:34:00.000Z","modified":"2026-05-04T06:34:00.000Z","valid_from":"2026-05-04T06:34:00.000Z","name":"111.229.112.67","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '111.229.112.67']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051188793701519870"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--859d64e1-15d8-58c6-8edf-c8c9bb1bfd4b","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"indexmxhwnvfiu4wu29174vfm4odq2fqwt6pnfzup3iwdwxy.restaurantedugandolfo.com.br","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'indexmxhwnvfiu4wu29174vfm4odq2fqwt6pnfzup3iwdwxy.restaurantedugandolfo.com.br']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191789701488875"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b13dfea-38f6-579c-8589-99324a98b6f1","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"https://indexmxhwnvfiu4wu29174vfm4odq2fqwt6pnfzup3iwdwxy.restaurantedugandolfo.com.br/authenticationtokenDeyJhbGciOiJ","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://indexmxhwnvfiu4wu29174vfm4odq2fqwt6pnfzup3iwdwxy.restaurantedugandolfo.com.br/authenticationtokenDeyJhbGciOiJ']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191789701488875"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b968347-83ef-5fab-9011-3d394cb61df6","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"209.85.210.100","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '209.85.210.100']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191789701488875"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0210b14d-fe62-5cc1-8b42-fc9e3d61170c","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"emailmjm4ofzupbz3iwdwxyx3ug3lawf0ijoxnzc2mtk5odaweg5lbxvpzms3.southeastqldstorage.com.au","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emailmjm4ofzupbz3iwdwxyx3ug3lawf0ijoxnzc2mtk5odaweg5lbxvpzms3.southeastqldstorage.com.au']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191796768915708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--757f5f0d-6688-556e-93f8-96263d419e7a","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"https://emailmjm4ofzupbz3iwdwxyx3ug3lawf0ijoxnzc2mtk5odaweg5lbxvpzms3.southeastqldstorage.com.au/japansuite/","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://emailmjm4ofzupbz3iwdwxyx3ug3lawf0ijoxnzc2mtk5odaweg5lbxvpzms3.southeastqldstorage.com.au/japansuite/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191796768915708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c47d0b42-2c57-57da-9bec-06bf78bb0e2c","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"southeastqldstorage.com.au","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'southeastqldstorage.com.au']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191796768915708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8b361f6-e7f9-56b6-86b9-8dbee73cf7f1","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"https://southeastqldstorage.com.au/send/dend.php","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://southeastqldstorage.com.au/send/dend.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191796768915708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ee17c1e-c339-57ae-a40f-c459a4786801","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"192.185.175.234","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.185.175.234']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191796768915708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c8261a8-9b46-509d-bca3-c97ea95bc4b6","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"andolfo.com.br","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'andolfo.com.br']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191794235572557"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6afe9df7-01f8-51ae-8f22-a89405d958ac","created":"2026-05-04T06:46:00.000Z","modified":"2026-05-04T06:46:00.000Z","valid_from":"2026-05-04T06:46:00.000Z","name":"http://andolfo.com.br/authenticationtokenDeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9yJvcmlnaW5hbFVybCI6Imh0dHBzOi8vbWFpbGVyLWkxZHh4dGE3aWJvbHoweG5lbXVpZms3d2dieGI1YjN5bXQzZG5lbXVpZms3d2/","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://andolfo.com.br/authenticationtokenDeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9yJvcmlnaW5hbFVybCI6Imh0dHBzOi8vbWFpbGVyLWkxZHh4dGE3aWJvbHoweG5lbXVpZms3d2dieGI1YjN5bXQzZG5lbXVpZms3d2/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2051191794235572557"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4cc1995-f25b-5c42-a25d-70f1dfa23737","created":"2026-05-04T07:20:00.000Z","modified":"2026-05-04T07:20:00.000Z","valid_from":"2026-05-04T07:20:00.000Z","name":"confident-red-leopard.31-22-7-7.cpanel.site","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'confident-red-leopard.31-22-7-7.cpanel.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2051200178946707841"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffaf33de-ee6d-51af-b2a0-9b76a3393573","created":"2026-05-04T07:20:00.000Z","modified":"2026-05-04T07:20:00.000Z","valid_from":"2026-05-04T07:20:00.000Z","name":"https://www.confident-red-leopard.31-22-7-7.cpanel.site/aut","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.confident-red-leopard.31-22-7-7.cpanel.site/aut']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2051200178946707841"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a620fd5-a44d-5964-af3a-ff16123f483f","created":"2026-05-04T07:30:00.000Z","modified":"2026-05-04T07:30:00.000Z","valid_from":"2026-05-04T07:30:00.000Z","name":"gpcmro.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gpcmro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051202697286873231"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c8667e7-ffbb-5f30-a2ed-19d60f1e2428","created":"2026-05-04T07:30:00.000Z","modified":"2026-05-04T07:30:00.000Z","valid_from":"2026-05-04T07:30:00.000Z","name":"https://gpcmro.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gpcmro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051202697286873231"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed4590eb-9e43-5fe2-8453-bbd0ec2be996","created":"2026-05-04T08:00:00.000Z","modified":"2026-05-04T08:00:00.000Z","valid_from":"2026-05-04T08:00:00.000Z","name":"pub-440c4187a64b43cab2dc668e266c8762.r2.dev","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pub-440c4187a64b43cab2dc668e266c8762.r2.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051210258320634327"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1feafd6b-75ad-5ed5-9711-c2e83c90e7f0","created":"2026-05-04T08:00:00.000Z","modified":"2026-05-04T08:00:00.000Z","valid_from":"2026-05-04T08:00:00.000Z","name":"https://pub-440c4187a64b43cab2dc668e266c8762.r2.dev/index.html","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pub-440c4187a64b43cab2dc668e266c8762.r2.dev/index.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051210258320634327"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72baf97f-8219-5343-925d-b60328095ed0","created":"2026-05-04T08:14:00.000Z","modified":"2026-05-04T08:14:00.000Z","valid_from":"2026-05-04T08:14:00.000Z","name":"kgm.moudtz.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kgm.moudtz.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051213871860396199"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb7ec8f0-dddf-5b7b-9689-eb019dfa7436","created":"2026-05-04T08:14:00.000Z","modified":"2026-05-04T08:14:00.000Z","valid_from":"2026-05-04T08:14:00.000Z","name":"http://kgm.moudtz.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kgm.moudtz.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051213871860396199"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14deb0be-ec50-5a9c-83d1-2e72fffe1b8f","created":"2026-05-04T08:16:00.000Z","modified":"2026-05-04T08:16:00.000Z","valid_from":"2026-05-04T08:16:00.000Z","name":"maybank2m.vip","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'maybank2m.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051214436459770240"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61b05077-77d9-5e48-be23-f3a081b6e927","created":"2026-05-04T08:16:00.000Z","modified":"2026-05-04T08:16:00.000Z","valid_from":"2026-05-04T08:16:00.000Z","name":"http://maybank2m.vip","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://maybank2m.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051214436459770240"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4cdf7ef6-87ea-5546-8be3-4a537545ef5a","created":"2026-05-04T10:00:00.000Z","modified":"2026-05-04T10:00:00.000Z","valid_from":"2026-05-04T10:00:00.000Z","name":"schoolviewers9876542567894.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'schoolviewers9876542567894.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051240456030195762"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ede4415a-6f86-5217-855e-693611a19211","created":"2026-05-04T10:00:00.000Z","modified":"2026-05-04T10:00:00.000Z","valid_from":"2026-05-04T10:00:00.000Z","name":"https://schoolviewers9876542567894.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://schoolviewers9876542567894.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051240456030195762"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf381ae5-080a-5889-8908-1e1478f43690","created":"2026-05-04T10:36:00.000Z","modified":"2026-05-04T10:36:00.000Z","valid_from":"2026-05-04T10:36:00.000Z","name":"allegro-lokalnie.40399oefiiu.shop","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegro-lokalnie.40399oefiiu.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051249496483365174"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a2a4f48-4499-5d57-80dc-ab8a73aaff7d","created":"2026-05-04T10:36:00.000Z","modified":"2026-05-04T10:36:00.000Z","valid_from":"2026-05-04T10:36:00.000Z","name":"https://allegro-lokalnie.40399oefiiu.shop","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://allegro-lokalnie.40399oefiiu.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051249496483365174"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ace7c50-0b85-5cb7-ab54-959055b60c45","created":"2026-05-04T10:46:00.000Z","modified":"2026-05-04T10:46:00.000Z","valid_from":"2026-05-04T10:46:00.000Z","name":"mrelay.fabriodesign.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mrelay.fabriodesign.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051252070175350928"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e999620f-fdeb-5575-82a4-ac035eac9658","created":"2026-05-04T10:46:00.000Z","modified":"2026-05-04T10:46:00.000Z","valid_from":"2026-05-04T10:46:00.000Z","name":"http://mrelay.fabriodesign.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mrelay.fabriodesign.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051252070175350928"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--09e88416-31b0-5980-a7db-74e665e385d4","created":"2026-05-04T11:23:00.000Z","modified":"2026-05-04T11:23:00.000Z","valid_from":"2026-05-04T11:23:00.000Z","name":"6fc7eb7da9379383efda4253e4f599bbc3a99afed0468eabfe18484ec525739a","description":"IOC reported by @uttam_singhk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '6fc7eb7da9379383efda4253e4f599bbc3a99afed0468eabfe18484ec525739a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/uttam_singhk/status/2051261381664817442"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c3ddcbf-26f8-593e-b3e3-683d44a0e5f9","created":"2026-05-04T11:47:00.000Z","modified":"2026-05-04T11:47:00.000Z","valid_from":"2026-05-04T11:47:00.000Z","name":"sparrow-update.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sparrow-update.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051267396241957060"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d0ee91c-ab5b-5357-9b64-ae7cc4c9036f","created":"2026-05-04T11:47:00.000Z","modified":"2026-05-04T11:47:00.000Z","valid_from":"2026-05-04T11:47:00.000Z","name":"http://sparrow-update.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sparrow-update.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051267396241957060"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--deef792a-2756-5cda-b6ac-908c2163101d","created":"2026-05-04T12:00:00.000Z","modified":"2026-05-04T12:00:00.000Z","valid_from":"2026-05-04T12:00:00.000Z","name":"navershefffffff.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navershefffffff.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051270661184631272"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a7a6776-0979-5b2b-9afb-0d67c090c966","created":"2026-05-04T12:00:00.000Z","modified":"2026-05-04T12:00:00.000Z","valid_from":"2026-05-04T12:00:00.000Z","name":"https://navershefffffff.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://navershefffffff.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051270661184631272"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bf8ac51-51b5-5dfc-821a-b98a7fb4a257","created":"2026-05-04T13:20:00.000Z","modified":"2026-05-04T13:20:00.000Z","valid_from":"2026-05-04T13:20:00.000Z","name":"2d39aff262415a2ce7da373c98c36c48","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '2d39aff262415a2ce7da373c98c36c48']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2051290970709426513"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2accb82-aafc-5ffb-8790-30e4b3539070","created":"2026-05-04T14:00:00.000Z","modified":"2026-05-04T14:00:00.000Z","valid_from":"2026-05-04T14:00:00.000Z","name":"sandeeppk03.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sandeeppk03.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051300855551324497"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19c1a9d1-8ae1-52fc-ba53-15b84dec5240","created":"2026-05-04T14:00:00.000Z","modified":"2026-05-04T14:00:00.000Z","valid_from":"2026-05-04T14:00:00.000Z","name":"https://sandeeppk03.github.io/netflix-/","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sandeeppk03.github.io/netflix-/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051300855551324497"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03ee8956-2c8c-50a1-9a50-184120d59c57","created":"2026-05-04T14:07:00.000Z","modified":"2026-05-04T14:07:00.000Z","valid_from":"2026-05-04T14:07:00.000Z","name":"http://45.92.1.50/rondo.dus.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.92.1.50/rondo.dus.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2051302589178790062"}],"labels":["Log4shell","log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--909d00dc-a552-59fe-a9f7-d377c170f2f3","created":"2026-05-04T14:07:00.000Z","modified":"2026-05-04T14:07:00.000Z","valid_from":"2026-05-04T14:07:00.000Z","name":"atomicmail.io","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'atomicmail.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2051302589178790062"}],"labels":["Log4shell","log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab958caa-a028-51d4-a2a0-4f9cf1a07f89","created":"2026-05-04T14:07:00.000Z","modified":"2026-05-04T14:07:00.000Z","valid_from":"2026-05-04T14:07:00.000Z","name":"http://atomicmail.io","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://atomicmail.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2051302589178790062"}],"labels":["Log4shell","log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb4b705e-01d9-5a03-a550-471fc2683978","created":"2026-05-04T14:07:00.000Z","modified":"2026-05-04T14:07:00.000Z","valid_from":"2026-05-04T14:07:00.000Z","name":"124.198.131.185","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '124.198.131.185']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2051302589178790062"}],"labels":["Log4shell","log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1bef5ab-d551-5c2d-8d5b-e98094d407bb","created":"2026-05-04T14:07:00.000Z","modified":"2026-05-04T14:07:00.000Z","valid_from":"2026-05-04T14:07:00.000Z","name":"45.92.1.50","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.92.1.50']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2051302589178790062"}],"labels":["Log4shell","log4j"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ba25530-c822-5b41-8474-c68b26286364","created":"2026-05-04T14:50:00.000Z","modified":"2026-05-04T14:50:00.000Z","valid_from":"2026-05-04T14:50:00.000Z","name":"42a1aded85892a80c83f741a7ac00e7e75015166c3be0bae29d93d3a4714711d","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '42a1aded85892a80c83f741a7ac00e7e75015166c3be0bae29d93d3a4714711d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2051313507837317396"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--79fde924-7cdf-5655-bc14-76d4ac29c0c6","created":"2026-05-04T14:50:00.000Z","modified":"2026-05-04T14:50:00.000Z","valid_from":"2026-05-04T14:50:00.000Z","name":"2fc0a056fd4eff5d31d06c103af3298d711f33dbcd5d122cae30b571ac511e5a","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '2fc0a056fd4eff5d31d06c103af3298d711f33dbcd5d122cae30b571ac511e5a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2051313507837317396"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--40e190d9-3ccc-5b00-b8ed-99a05e7a2e08","created":"2026-05-04T15:00:00.000Z","modified":"2026-05-04T15:00:00.000Z","valid_from":"2026-05-04T15:00:00.000Z","name":"ledgerlive-desktop.com","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ledgerlive-desktop.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2051315920501694937"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--11bf3201-321b-5eb9-9c4a-168586e0aee8","created":"2026-05-04T15:00:00.000Z","modified":"2026-05-04T15:00:00.000Z","valid_from":"2026-05-04T15:00:00.000Z","name":"https://www.ledgerlive-desktop.com","description":"IOC reported by @volrant136 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.ledgerlive-desktop.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/volrant136/status/2051315920501694937"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--21f9e41f-9bb6-5ac6-8515-81ff968ebe3a","created":"2026-05-04T15:01:00.000Z","modified":"2026-05-04T15:01:00.000Z","valid_from":"2026-05-04T15:01:00.000Z","name":"sfe-2026.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sfe-2026.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2051316413206233397"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8b236e6-b24d-570e-9bc8-673b76e65a91","created":"2026-05-04T15:01:00.000Z","modified":"2026-05-04T15:01:00.000Z","valid_from":"2026-05-04T15:01:00.000Z","name":"https://sfe-2026.com/~server10/c/375f4b72-6efb-45f0-a90e-9de7ee504228","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sfe-2026.com/~server10/c/375f4b72-6efb-45f0-a90e-9de7ee504228']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2051316413206233397"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11b300cc-0b98-5d46-98f6-b2a012d6a9be","created":"2026-05-04T15:25:00.000Z","modified":"2026-05-04T15:25:00.000Z","valid_from":"2026-05-04T15:25:00.000Z","name":"muraptor.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'muraptor.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2051322228583669955"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9985128-8f4e-5aaa-b67b-d44b65468d7f","created":"2026-05-04T15:25:00.000Z","modified":"2026-05-04T15:25:00.000Z","valid_from":"2026-05-04T15:25:00.000Z","name":"lkhpihf.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lkhpihf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2051322228583669955"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c261e0ce-ea1c-591c-8370-32fc3eef329e","created":"2026-05-04T15:25:00.000Z","modified":"2026-05-04T15:25:00.000Z","valid_from":"2026-05-04T15:25:00.000Z","name":"lkboasprqw.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lkboasprqw.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2051322228583669955"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c307e6fa-76e0-5b9a-afa7-33040114d0ae","created":"2026-05-04T15:33:00.000Z","modified":"2026-05-04T15:33:00.000Z","valid_from":"2026-05-04T15:33:00.000Z","name":"http://193.233.113.106/book","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.233.113.106/book']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2051324444371525940"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebe0bfcc-d59d-58b2-89dc-7139d131831a","created":"2026-05-04T15:33:00.000Z","modified":"2026-05-04T15:33:00.000Z","valid_from":"2026-05-04T15:33:00.000Z","name":"193.233.113.106","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.233.113.106']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2051324444371525940"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e3b86db-cc30-51a7-82dc-cc6b168b6808","created":"2026-05-04T15:47:00.000Z","modified":"2026-05-04T15:47:00.000Z","valid_from":"2026-05-04T15:47:00.000Z","name":"wildcard.dimora.icu","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wildcard.dimora.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2051327985723281809"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94b814a0-fabc-53ea-8069-bb3e06b3370c","created":"2026-05-04T15:47:00.000Z","modified":"2026-05-04T15:47:00.000Z","valid_from":"2026-05-04T15:47:00.000Z","name":"https://wildcard.dimora.icu/govcard/","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wildcard.dimora.icu/govcard/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2051327985723281809"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0453570f-26aa-5ca6-a079-3674666ac945","created":"2026-05-04T15:47:00.000Z","modified":"2026-05-04T15:47:00.000Z","valid_from":"2026-05-04T15:47:00.000Z","name":"https://t.me/+d2c11XFXPxowMGRk","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.me/+d2c11XFXPxowMGRk']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2051327985723281809"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7767e13a-9e1f-566c-88fa-aa736bfa2e74","created":"2026-05-04T16:00:00.000Z","modified":"2026-05-04T16:00:00.000Z","valid_from":"2026-05-04T16:00:00.000Z","name":"kikomilanohq.shop","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kikomilanohq.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051331066263216418"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df69c3a6-a45e-5e72-8e7f-47697e38ef9d","created":"2026-05-04T16:00:00.000Z","modified":"2026-05-04T16:00:00.000Z","valid_from":"2026-05-04T16:00:00.000Z","name":"https://kikomilanohq.shop","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://kikomilanohq.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051331066263216418"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8eb8e292-4575-5b9e-b385-8a6c881466c1","created":"2026-05-04T16:47:00.000Z","modified":"2026-05-04T16:47:00.000Z","valid_from":"2026-05-04T16:47:00.000Z","name":"astroflightvision.com","description":"IOC reported by @SquiblydooBlog on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'astroflightvision.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SquiblydooBlog/status/2051342893181268087"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--91c50ac8-57d1-5f64-8e9a-3678f10cb472","created":"2026-05-04T16:47:00.000Z","modified":"2026-05-04T16:47:00.000Z","valid_from":"2026-05-04T16:47:00.000Z","name":"http://astroflightvision.com","description":"IOC reported by @SquiblydooBlog on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://astroflightvision.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SquiblydooBlog/status/2051342893181268087"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--53185667-5dca-500b-bd01-a4a1e78e5013","created":"2026-05-04T16:47:00.000Z","modified":"2026-05-04T16:47:00.000Z","valid_from":"2026-05-04T16:47:00.000Z","name":"785ba9c42deca8cfc69f1aafb371802782d01bc8156a67c5c0d412c5fb3b4e33","description":"IOC reported by @SquiblydooBlog on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '785ba9c42deca8cfc69f1aafb371802782d01bc8156a67c5c0d412c5fb3b4e33']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SquiblydooBlog/status/2051342893181268087"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e96e7963-f590-58c0-a9c9-8ffcd759eac6","created":"2026-05-04T18:00:00.000Z","modified":"2026-05-04T18:00:00.000Z","valid_from":"2026-05-04T18:00:00.000Z","name":"gucuggj.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gucuggj.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051361251674997012"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2954d7b-9e3c-5116-84ac-e49b76cb813a","created":"2026-05-04T18:00:00.000Z","modified":"2026-05-04T18:00:00.000Z","valid_from":"2026-05-04T18:00:00.000Z","name":"https://gucuggj.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gucuggj.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051361251674997012"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--875ac5f5-20d0-51bb-9056-005cd16cf763","created":"2026-05-04T18:24:00.000Z","modified":"2026-05-04T18:24:00.000Z","valid_from":"2026-05-04T18:24:00.000Z","name":"nid-naverfxc.servecounterstrike.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-naverfxc.servecounterstrike.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051367386939310471"}],"labels":["APT","C2","DPRK","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c018753-7b65-5335-bbc6-62c1fcb6b67e","created":"2026-05-04T18:24:00.000Z","modified":"2026-05-04T18:24:00.000Z","valid_from":"2026-05-04T18:24:00.000Z","name":"http://nid-naverfxc.servecounterstrike.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-naverfxc.servecounterstrike.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051367386939310471"}],"labels":["APT","C2","DPRK","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb6d949-690e-570f-9326-f47d4e3ea1f8","created":"2026-05-04T18:24:00.000Z","modified":"2026-05-04T18:24:00.000Z","valid_from":"2026-05-04T18:24:00.000Z","name":"http://27.102.137.150","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051367386939310471"}],"labels":["APT","C2","DPRK","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41e64fd-bb60-5e1c-a8ea-f62b098b645e","created":"2026-05-04T18:24:00.000Z","modified":"2026-05-04T18:24:00.000Z","valid_from":"2026-05-04T18:24:00.000Z","name":"27.102.137.150","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051367386939310471"}],"labels":["APT","C2","DPRK","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8b1f4db-1bb6-5592-b457-e537f3a6d961","created":"2026-05-04T18:47:00.000Z","modified":"2026-05-04T18:47:00.000Z","valid_from":"2026-05-04T18:47:00.000Z","name":"27.102.137.185","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.185']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051373157559255329"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f786d2a8-c81e-5be1-9206-50a441faab40","created":"2026-05-04T19:03:00.000Z","modified":"2026-05-04T19:03:00.000Z","valid_from":"2026-05-04T19:03:00.000Z","name":"teams-live.com.co","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'teams-live.com.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2051377119922434161"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--839593ff-da1e-548a-a86e-66ab9c6ba7b1","created":"2026-05-04T19:03:00.000Z","modified":"2026-05-04T19:03:00.000Z","valid_from":"2026-05-04T19:03:00.000Z","name":"https://teams-live.com.co/628233/check","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://teams-live.com.co/628233/check']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2051377119922434161"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a31cca7-51a8-5a09-b95e-ac96790246dc","created":"2026-05-04T19:03:00.000Z","modified":"2026-05-04T19:03:00.000Z","valid_from":"2026-05-04T19:03:00.000Z","name":"03e15ea608e25202c41fef5ec95f010b5bfcdaee638170ae8ce86ecc3c5fd615","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '03e15ea608e25202c41fef5ec95f010b5bfcdaee638170ae8ce86ecc3c5fd615']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2051377119922434161"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e621083a-f3e0-5b47-b3a1-f0495d7f0b2b","created":"2026-05-04T20:20:00.000Z","modified":"2026-05-04T20:20:00.000Z","valid_from":"2026-05-04T20:20:00.000Z","name":"http://194.59.31.192:8443","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://194.59.31.192:8443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051396610920177687"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d64fc01-4182-562d-96d3-1451e99fa0c1","created":"2026-05-04T20:20:00.000Z","modified":"2026-05-04T20:20:00.000Z","valid_from":"2026-05-04T20:20:00.000Z","name":"194.59.31.192","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '194.59.31.192']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051396610920177687"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfc8b351-65b7-5cbd-89b4-9b39f0d5d365","created":"2026-05-04T20:42:00.000Z","modified":"2026-05-04T20:42:00.000Z","valid_from":"2026-05-04T20:42:00.000Z","name":"http://104.194.152.199","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.194.152.199']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051402222458544341"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7dedf26d-6b75-5ce4-adaa-c6970c395537","created":"2026-05-04T20:42:00.000Z","modified":"2026-05-04T20:42:00.000Z","valid_from":"2026-05-04T20:42:00.000Z","name":"104.194.152.199","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.194.152.199']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051402222458544341"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6d13937-5d3e-56b6-80b5-4dfdb9a6c9fb","created":"2026-05-04T20:42:00.000Z","modified":"2026-05-04T20:42:00.000Z","valid_from":"2026-05-04T20:42:00.000Z","name":"http://micrusoft.usteams-meet.xyzteams-meet.us.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://micrusoft.usteams-meet.xyzteams-meet.us.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051402139516154013"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b16e2fb-21a7-517e-a150-739ea2065c1b","created":"2026-05-04T20:46:00.000Z","modified":"2026-05-04T20:46:00.000Z","valid_from":"2026-05-04T20:46:00.000Z","name":"http://144.172.116.48:8080","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://144.172.116.48:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051403187282685981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--63c8c3c0-8f49-5897-8dbb-85cb2f69e46f","created":"2026-05-04T20:46:00.000Z","modified":"2026-05-04T20:46:00.000Z","valid_from":"2026-05-04T20:46:00.000Z","name":"144.172.116.48","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '144.172.116.48']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051403187282685981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e47e26e0-86ea-5d8c-a00c-1e5209617e6f","created":"2026-05-04T20:48:00.000Z","modified":"2026-05-04T20:48:00.000Z","valid_from":"2026-05-04T20:48:00.000Z","name":"jiugui22.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jiugui22.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051403517718401423"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--15e2d6ac-e829-58cf-a14c-4cf7cdb55d96","created":"2026-05-04T20:48:00.000Z","modified":"2026-05-04T20:48:00.000Z","valid_from":"2026-05-04T20:48:00.000Z","name":"http://jiugui22.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jiugui22.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051403517718401423"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--746b5810-3ee0-52cb-9084-669bd146574f","created":"2026-05-04T20:48:00.000Z","modified":"2026-05-04T20:48:00.000Z","valid_from":"2026-05-04T20:48:00.000Z","name":"http://8.218.196.168","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8.218.196.168']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051403517718401423"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b839655-ecca-5ca8-97c4-ea703c5a7a75","created":"2026-05-04T20:48:00.000Z","modified":"2026-05-04T20:48:00.000Z","valid_from":"2026-05-04T20:48:00.000Z","name":"8.218.196.168","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.218.196.168']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051403517718401423"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e06a266c-1416-5a85-a296-371d8e0cacf0","created":"2026-05-04T21:06:00.000Z","modified":"2026-05-04T21:06:00.000Z","valid_from":"2026-05-04T21:06:00.000Z","name":"http://193.233.198.176/verifedd","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.233.198.176/verifedd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051408261753053451"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3fb7f96-32a0-5766-952e-90e475a54dbd","created":"2026-05-04T21:06:00.000Z","modified":"2026-05-04T21:06:00.000Z","valid_from":"2026-05-04T21:06:00.000Z","name":"lipontrent.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lipontrent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051408261753053451"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0628f6cb-01bd-55cc-987a-f9e0c7f91ddc","created":"2026-05-04T21:06:00.000Z","modified":"2026-05-04T21:06:00.000Z","valid_from":"2026-05-04T21:06:00.000Z","name":"http://lipontrent.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lipontrent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051408261753053451"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bd95dc1-0fdb-524a-856b-1eef5028df89","created":"2026-05-04T21:06:00.000Z","modified":"2026-05-04T21:06:00.000Z","valid_from":"2026-05-04T21:06:00.000Z","name":"http://62.164.177.227","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://62.164.177.227']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051408261753053451"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--62c496c0-e7f0-5cdd-88a9-df97b0737bab","created":"2026-05-04T21:06:00.000Z","modified":"2026-05-04T21:06:00.000Z","valid_from":"2026-05-04T21:06:00.000Z","name":"193.233.198.176","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.233.198.176']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051408261753053451"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3ee9055-def3-58e0-a8c6-befefbfda467","created":"2026-05-04T21:06:00.000Z","modified":"2026-05-04T21:06:00.000Z","valid_from":"2026-05-04T21:06:00.000Z","name":"62.164.177.227","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '62.164.177.227']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051408261753053451"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a9a7d92-1945-5fa1-bd48-885d64c66406","created":"2026-05-04T21:12:00.000Z","modified":"2026-05-04T21:12:00.000Z","valid_from":"2026-05-04T21:12:00.000Z","name":"2ca7ac695c6b75bc547caad20bc74fea","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '2ca7ac695c6b75bc547caad20bc74fea']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051409727465107910"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e079b68e-d21d-59cd-ad04-f04413500979","created":"2026-05-05T00:00:00.000Z","modified":"2026-05-05T00:00:00.000Z","valid_from":"2026-05-05T00:00:00.000Z","name":"ritikpandey007.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ritikpandey007.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051451864193909149"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdf74d0f-df9b-529c-8984-361813ac9124","created":"2026-05-05T00:00:00.000Z","modified":"2026-05-05T00:00:00.000Z","valid_from":"2026-05-05T00:00:00.000Z","name":"http://ritikpandey007.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ritikpandey007.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051451864193909149"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7be7fdc-d63a-5280-bf3b-49b41f4d0373","created":"2026-05-05T01:21:00.000Z","modified":"2026-05-05T01:21:00.000Z","valid_from":"2026-05-05T01:21:00.000Z","name":"22180919f562fb9f6e50d7f20b2eb3f94eb009c212b74b45cf77659fe8274d5b","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '22180919f562fb9f6e50d7f20b2eb3f94eb009c212b74b45cf77659fe8274d5b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2051472300147638664"}],"labels":["APT","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3ab16d1-95b1-50ac-af0e-74031f2a1ea3","created":"2026-05-05T01:47:00.000Z","modified":"2026-05-05T01:47:00.000Z","valid_from":"2026-05-05T01:47:00.000Z","name":"vuthisegweka.co.za","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vuthisegweka.co.za']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051478886936883419"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8677d65-330d-5049-8371-089ae88f939d","created":"2026-05-05T01:47:00.000Z","modified":"2026-05-05T01:47:00.000Z","valid_from":"2026-05-05T01:47:00.000Z","name":"https://vuthisegweka.co.za/metalworkservice/index.php","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vuthisegweka.co.za/metalworkservice/index.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051478886936883419"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ef6cf79-b467-5d5a-813b-9cddea9a4f93","created":"2026-05-05T01:47:00.000Z","modified":"2026-05-05T01:47:00.000Z","valid_from":"2026-05-05T01:47:00.000Z","name":"196.41.122.245","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '196.41.122.245']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051478886936883419"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0a51ff5-ce55-5e84-9f04-03ffd16319ae","created":"2026-05-05T01:51:00.000Z","modified":"2026-05-05T01:51:00.000Z","valid_from":"2026-05-05T01:51:00.000Z","name":"whm.update.36543loaded.forever.v2202508297531378155.powersrv.de","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'whm.update.36543loaded.forever.v2202508297531378155.powersrv.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051479935697518984"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0c90086-2a4e-5983-afd4-aa70c5cc3238","created":"2026-05-05T01:51:00.000Z","modified":"2026-05-05T01:51:00.000Z","valid_from":"2026-05-05T01:51:00.000Z","name":"https://whm.update.36543loaded.forever.v2202508297531378155.powersrv.de","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://whm.update.36543loaded.forever.v2202508297531378155.powersrv.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051479935697518984"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--717c3a2a-1b3e-5a26-b693-a7b7baeb1cf8","created":"2026-05-05T01:51:00.000Z","modified":"2026-05-05T01:51:00.000Z","valid_from":"2026-05-05T01:51:00.000Z","name":"152.53.136.204","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '152.53.136.204']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051479935697518984"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--248f83a0-a666-5279-9c81-71d503438ae3","created":"2026-05-05T02:00:00.000Z","modified":"2026-05-05T02:00:00.000Z","valid_from":"2026-05-05T02:00:00.000Z","name":"allegro.982834823dsgsp.lat","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'allegro.982834823dsgsp.lat']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051482108447645785"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f91a542-0e84-528c-9eb3-feae6fe070dc","created":"2026-05-05T02:00:00.000Z","modified":"2026-05-05T02:00:00.000Z","valid_from":"2026-05-05T02:00:00.000Z","name":"https://allegro.982834823dsgsp.lat","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://allegro.982834823dsgsp.lat']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051482108447645785"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--698f88fa-aaf9-5fe2-9566-8e25a5aa7563","created":"2026-05-05T02:00:00.000Z","modified":"2026-05-05T02:00:00.000Z","valid_from":"2026-05-05T02:00:00.000Z","name":"rastreamentobr-correios.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rastreamentobr-correios.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051482054118785375"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--108b5011-79bd-5348-bf21-c32c43058551","created":"2026-05-05T02:00:00.000Z","modified":"2026-05-05T02:00:00.000Z","valid_from":"2026-05-05T02:00:00.000Z","name":"https://rastreamentobr-correios.github.io/correios/","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rastreamentobr-correios.github.io/correios/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051482054118785375"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71070660-45d7-569d-a80a-9d1a3bf77d2b","created":"2026-05-05T04:00:00.000Z","modified":"2026-05-05T04:00:00.000Z","valid_from":"2026-05-05T04:00:00.000Z","name":"facebookaccountrecovery.blogspot.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'facebookaccountrecovery.blogspot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051512228801552636"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b66760f8-c01d-532d-823b-9333d862d2d9","created":"2026-05-05T04:00:00.000Z","modified":"2026-05-05T04:00:00.000Z","valid_from":"2026-05-05T04:00:00.000Z","name":"http://facebookaccountrecovery.blogspot.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://facebookaccountrecovery.blogspot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051512228801552636"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5c66560-6f97-58b3-aa9c-f7b315b3b052","created":"2026-05-05T04:27:00.000Z","modified":"2026-05-05T04:27:00.000Z","valid_from":"2026-05-05T04:27:00.000Z","name":"104.167.199.243","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.167.199.243']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2051519033598410856"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8b5a275-68c9-5e48-abea-5d1f46540c58","created":"2026-05-05T05:15:00.000Z","modified":"2026-05-05T05:15:00.000Z","valid_from":"2026-05-05T05:15:00.000Z","name":"1293-traderpublic.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '1293-traderpublic.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051531293892972706"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11a574b8-b7e7-5db0-952c-f26f4fe2d87f","created":"2026-05-05T05:15:00.000Z","modified":"2026-05-05T05:15:00.000Z","valid_from":"2026-05-05T05:15:00.000Z","name":"http://1293-traderpublic.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://1293-traderpublic.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051531293892972706"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f3f6b97-2ee3-5834-aa3d-cc80863bf78c","created":"2026-05-05T05:18:00.000Z","modified":"2026-05-05T05:18:00.000Z","valid_from":"2026-05-05T05:18:00.000Z","name":"michigan.gov-krpz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigan.gov-krpz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051531987467256063"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e15cb50-b389-5aa1-a1f8-fe80c0d85a1d","created":"2026-05-05T05:18:00.000Z","modified":"2026-05-05T05:18:00.000Z","valid_from":"2026-05-05T05:18:00.000Z","name":"http://michigan.gov-krpz.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigan.gov-krpz.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051531987467256063"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15aba1c7-4b73-55c1-b685-fda05d2661e2","created":"2026-05-05T06:06:00.000Z","modified":"2026-05-05T06:06:00.000Z","valid_from":"2026-05-05T06:06:00.000Z","name":"tacewica.z12.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tacewica.z12.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051543962759180533"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--77a2b5ba-c9ac-59b3-87b8-1745491f5a2c","created":"2026-05-05T06:06:00.000Z","modified":"2026-05-05T06:06:00.000Z","valid_from":"2026-05-05T06:06:00.000Z","name":"https://tacewica.z12.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://tacewica.z12.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051543962759180533"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cabd363-f447-51bd-b17a-63e89a56dc1b","created":"2026-05-05T06:23:00.000Z","modified":"2026-05-05T06:23:00.000Z","valid_from":"2026-05-05T06:23:00.000Z","name":"https://steamcommunity.com/profiles/76561198707628078","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://steamcommunity.com/profiles/76561198707628078']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2051548380841566326"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8695808e-1309-555a-9512-3da027d2622a","created":"2026-05-05T06:23:00.000Z","modified":"2026-05-05T06:23:00.000Z","valid_from":"2026-05-05T06:23:00.000Z","name":"https://telegram.me/hgo9tx","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://telegram.me/hgo9tx']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2051548380841566326"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd461e8f-9f1b-5821-a105-a8ea01fcf18a","created":"2026-05-05T06:23:00.000Z","modified":"2026-05-05T06:23:00.000Z","valid_from":"2026-05-05T06:23:00.000Z","name":"smtpdenz.my.id","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'smtpdenz.my.id']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2051548380841566326"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a16e54c-acfd-5a98-a1ef-02a0f2bc026d","created":"2026-05-05T06:23:00.000Z","modified":"2026-05-05T06:23:00.000Z","valid_from":"2026-05-05T06:23:00.000Z","name":"http://smtpdenz.my.id","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://smtpdenz.my.id']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2051548380841566326"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d0eff6b-eab3-5900-975e-2c8b83dbcfa8","created":"2026-05-05T06:23:00.000Z","modified":"2026-05-05T06:23:00.000Z","valid_from":"2026-05-05T06:23:00.000Z","name":"denzcodex.my.id","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'denzcodex.my.id']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2051548380841566326"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b30e9d2-635d-5343-828f-a2ff771eb684","created":"2026-05-05T06:23:00.000Z","modified":"2026-05-05T06:23:00.000Z","valid_from":"2026-05-05T06:23:00.000Z","name":"http://denzcodex.my.id","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://denzcodex.my.id']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2051548380841566326"}],"labels":["Vidar","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17d2de8c-3f49-544b-af45-1b1be8039af8","created":"2026-05-05T06:48:00.000Z","modified":"2026-05-05T06:48:00.000Z","valid_from":"2026-05-05T06:48:00.000Z","name":"5afd45ac84838b38445cbbb0fdeb4ae178cf24f1ef096f53a9553fb8c6676368","description":"IOC reported by @ElementalX2 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5afd45ac84838b38445cbbb0fdeb4ae178cf24f1ef096f53a9553fb8c6676368']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ElementalX2/status/2051554663988940800"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2710feb-54d4-518a-9604-dc1d635f42b3","created":"2026-05-05T06:54:00.000Z","modified":"2026-05-05T06:54:00.000Z","valid_from":"2026-05-05T06:54:00.000Z","name":"wap-oulugame.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wap-oulugame.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051556245392486855"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abbca01d-84b4-5fce-8c3a-09ef255f582e","created":"2026-05-05T06:54:00.000Z","modified":"2026-05-05T06:54:00.000Z","valid_from":"2026-05-05T06:54:00.000Z","name":"https://wap-oulugame.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wap-oulugame.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051556245392486855"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ec8fd00-b9cc-54e4-a903-f8a86709dfb0","created":"2026-05-05T09:08:00.000Z","modified":"2026-05-05T09:08:00.000Z","valid_from":"2026-05-05T09:08:00.000Z","name":"ups-szallitas.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ups-szallitas.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051589917252227197"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8f87954-c53d-593e-a777-b8f7807e78de","created":"2026-05-05T09:08:00.000Z","modified":"2026-05-05T09:08:00.000Z","valid_from":"2026-05-05T09:08:00.000Z","name":"https://ups-szallitas.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ups-szallitas.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051589917252227197"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21f036e2-f570-57e3-b27c-00de740b9624","created":"2026-05-05T09:08:00.000Z","modified":"2026-05-05T09:08:00.000Z","valid_from":"2026-05-05T09:08:00.000Z","name":"185.99.98.8","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.99.98.8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051589917252227197"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--646c1e7f-46ae-5df3-9124-1a3a3955f541","created":"2026-05-05T09:11:00.000Z","modified":"2026-05-05T09:11:00.000Z","valid_from":"2026-05-05T09:11:00.000Z","name":"jami3dorosmaroc.com","description":"IOC reported by @0xdead2ec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jami3dorosmaroc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0xdead2ec/status/2051590516869894189"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--758782b1-97bc-5831-91b7-fe142a3d8a00","created":"2026-05-05T09:11:00.000Z","modified":"2026-05-05T09:11:00.000Z","valid_from":"2026-05-05T09:11:00.000Z","name":"https://www.jami3dorosmaroc.com","description":"IOC reported by @0xdead2ec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.jami3dorosmaroc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0xdead2ec/status/2051590516869894189"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc75f61b-ed0b-56c4-a0e1-c1a095be94a1","created":"2026-05-05T09:11:00.000Z","modified":"2026-05-05T09:11:00.000Z","valid_from":"2026-05-05T09:11:00.000Z","name":"http://104.21.87.28","description":"IOC reported by @0xdead2ec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.21.87.28']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0xdead2ec/status/2051590516869894189"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--080c0a1f-49bc-5fec-8a4f-1dc0c1f7043d","created":"2026-05-05T09:11:00.000Z","modified":"2026-05-05T09:11:00.000Z","valid_from":"2026-05-05T09:11:00.000Z","name":"http://172.67.140.19","description":"IOC reported by @0xdead2ec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.140.19']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0xdead2ec/status/2051590516869894189"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fd423ed-81dd-5c90-b255-9b366d3cb777","created":"2026-05-05T09:29:00.000Z","modified":"2026-05-05T09:29:00.000Z","valid_from":"2026-05-05T09:29:00.000Z","name":"94.26.90.139","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.26.90.139']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051595242709872775"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6189f5c9-efad-525c-b51d-77b272720363","created":"2026-05-05T09:29:00.000Z","modified":"2026-05-05T09:29:00.000Z","valid_from":"2026-05-05T09:29:00.000Z","name":"85.239.149.35","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.239.149.35']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051595242709872775"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7824fccd-28b2-59a9-91fe-346fad617091","created":"2026-05-05T09:31:00.000Z","modified":"2026-05-05T09:31:00.000Z","valid_from":"2026-05-05T09:31:00.000Z","name":"win.shoplline.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'win.shoplline.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051595505738686899"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6be9e94-78d4-5fde-8ac0-39677dd1fd88","created":"2026-05-05T09:31:00.000Z","modified":"2026-05-05T09:31:00.000Z","valid_from":"2026-05-05T09:31:00.000Z","name":"http://win.shoplline.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://win.shoplline.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051595505738686899"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--53920448-f0b3-5fce-ac6e-74f2d5107f76","created":"2026-05-05T09:31:00.000Z","modified":"2026-05-05T09:31:00.000Z","valid_from":"2026-05-05T09:31:00.000Z","name":"http://172.245.126.122","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.245.126.122']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051595505738686899"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--58631956-1fba-522a-a836-f5d5b589a17b","created":"2026-05-05T09:31:00.000Z","modified":"2026-05-05T09:31:00.000Z","valid_from":"2026-05-05T09:31:00.000Z","name":"172.245.126.122","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '172.245.126.122']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051595505738686899"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d94eabbe-38ee-5f0f-b5ab-62275ca773c1","created":"2026-05-05T09:31:00.000Z","modified":"2026-05-05T09:31:00.000Z","valid_from":"2026-05-05T09:31:00.000Z","name":"7bb76436834111c516a227f10360476af5632130cac643852267102c6344d9fb","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7bb76436834111c516a227f10360476af5632130cac643852267102c6344d9fb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051595505738686899"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0e78528-908d-5eff-97cc-c986d16b6100","created":"2026-05-05T09:56:00.000Z","modified":"2026-05-05T09:56:00.000Z","valid_from":"2026-05-05T09:56:00.000Z","name":"38.180.107.76","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.180.107.76']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051601963553259626"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--50794b71-e570-506a-a9f4-2857ac2b171f","created":"2026-05-05T10:00:00.000Z","modified":"2026-05-05T10:00:00.000Z","valid_from":"2026-05-05T10:00:00.000Z","name":"alsipb.zeabur.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'alsipb.zeabur.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051602841630847065"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49466a93-6a8a-5c9e-bfd9-a276d698e7f9","created":"2026-05-05T10:00:00.000Z","modified":"2026-05-05T10:00:00.000Z","valid_from":"2026-05-05T10:00:00.000Z","name":"https://alsipb.zeabur.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://alsipb.zeabur.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051602841630847065"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--087a5b6e-39ab-5642-b04a-3535a565bfe9","created":"2026-05-05T10:36:00.000Z","modified":"2026-05-05T10:36:00.000Z","valid_from":"2026-05-05T10:36:00.000Z","name":"sdlxmetal.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sdlxmetal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2051611998287507824"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a43ea56-3e61-5e38-842c-eec74b9108e8","created":"2026-05-05T10:36:00.000Z","modified":"2026-05-05T10:36:00.000Z","valid_from":"2026-05-05T10:36:00.000Z","name":"http://sdlxmetal.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sdlxmetal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2051611998287507824"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b6123d6-882f-56f7-8cdb-c0708eb7ea62","created":"2026-05-05T10:36:00.000Z","modified":"2026-05-05T10:36:00.000Z","valid_from":"2026-05-05T10:36:00.000Z","name":"a006a70d925ade4a489c18adc518adb9","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'a006a70d925ade4a489c18adc518adb9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2051611998287507824"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e16de43-b535-5245-b665-dc7113225573","created":"2026-05-05T10:36:00.000Z","modified":"2026-05-05T10:36:00.000Z","valid_from":"2026-05-05T10:36:00.000Z","name":"715648a5f4f50df760d2a98a2ea22dc5","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '715648a5f4f50df760d2a98a2ea22dc5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2051611998287507824"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e53b55c8-83c2-5dcb-b260-587cef1fa13f","created":"2026-05-05T11:25:00.000Z","modified":"2026-05-05T11:25:00.000Z","valid_from":"2026-05-05T11:25:00.000Z","name":"activate-2fa.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'activate-2fa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051614748802756864"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a63edeb8-ab94-56b3-a570-deb77a1d2a91","created":"2026-05-05T11:25:00.000Z","modified":"2026-05-05T11:25:00.000Z","valid_from":"2026-05-05T11:25:00.000Z","name":"http://activate-2fa.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://activate-2fa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051614748802756864"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7379ebc-5727-575c-93c0-00ab851b6507","created":"2026-05-05T11:25:00.000Z","modified":"2026-05-05T11:25:00.000Z","valid_from":"2026-05-05T11:25:00.000Z","name":"eimerialoader.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eimerialoader.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051614748802756864"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a530a66-6042-5176-b1fb-8371ab580f30","created":"2026-05-05T11:25:00.000Z","modified":"2026-05-05T11:25:00.000Z","valid_from":"2026-05-05T11:25:00.000Z","name":"http://eimerialoader.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eimerialoader.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051614748802756864"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa976fd3-6016-5ca4-90de-f7d3684e0fe0","created":"2026-05-05T11:54:00.000Z","modified":"2026-05-05T11:54:00.000Z","valid_from":"2026-05-05T11:54:00.000Z","name":"safephoto-vault.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'safephoto-vault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051631729874464931"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5477cbb3-68ca-5360-8f96-d3aeaedea201","created":"2026-05-05T11:54:00.000Z","modified":"2026-05-05T11:54:00.000Z","valid_from":"2026-05-05T11:54:00.000Z","name":"http://safephoto-vault.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://safephoto-vault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051631729874464931"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--41b6f6d3-6b1b-5478-b044-2fcf5940ca3d","created":"2026-05-05T12:00:00.000Z","modified":"2026-05-05T12:00:00.000Z","valid_from":"2026-05-05T12:00:00.000Z","name":"teamp-sup.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'teamp-sup.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051633042649743648"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--795f5627-873d-5366-b44c-40826fe5e949","created":"2026-05-05T12:00:00.000Z","modified":"2026-05-05T12:00:00.000Z","valid_from":"2026-05-05T12:00:00.000Z","name":"https://teamp-sup.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://teamp-sup.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051633042649743648"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83885fd9-d9b2-57bb-b9ec-e1f7b1244ca5","created":"2026-05-05T13:19:00.000Z","modified":"2026-05-05T13:19:00.000Z","valid_from":"2026-05-05T13:19:00.000Z","name":"http://107.175.246.42/25/","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://107.175.246.42/25/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2051652981108732130"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e4ca11f-0f3b-5e1c-a57f-c9e1acd54e88","created":"2026-05-05T13:19:00.000Z","modified":"2026-05-05T13:19:00.000Z","valid_from":"2026-05-05T13:19:00.000Z","name":"http://89.40.31.143/img/","description":"IOC reported by @James_inthe_box on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://89.40.31.143/img/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/James_inthe_box/status/2051652981108732130"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c56ef79b-c3f6-5cf7-99c3-1964c43e7c0f","created":"2026-05-05T13:24:00.000Z","modified":"2026-05-05T13:24:00.000Z","valid_from":"2026-05-05T13:24:00.000Z","name":"controlpanel.sbs","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'controlpanel.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2051654176518627382"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebf969c4-4926-5e40-9b71-5856bd9af525","created":"2026-05-05T13:24:00.000Z","modified":"2026-05-05T13:24:00.000Z","valid_from":"2026-05-05T13:24:00.000Z","name":"http://controlpanel.sbs","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://controlpanel.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2051654176518627382"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38d10da1-4878-536f-bd58-1ccdb3a5e842","created":"2026-05-05T13:24:00.000Z","modified":"2026-05-05T13:24:00.000Z","valid_from":"2026-05-05T13:24:00.000Z","name":"ns1.globaldnsnetwork.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ns1.globaldnsnetwork.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2051654176518627382"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9652dce9-6fc8-5fd2-a6ab-956624e892c8","created":"2026-05-05T13:24:00.000Z","modified":"2026-05-05T13:24:00.000Z","valid_from":"2026-05-05T13:24:00.000Z","name":"http://ns1.globaldnsnetwork.com","description":"IOC reported by @mugu_reporter on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ns1.globaldnsnetwork.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/mugu_reporter/status/2051654176518627382"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e90e67ff-a021-51c1-b987-990913acb8a2","created":"2026-05-05T13:59:00.000Z","modified":"2026-05-05T13:59:00.000Z","valid_from":"2026-05-05T13:59:00.000Z","name":"e6ujsppajgb756x7x5ykdryvlcjynltb52eiwi6pd4bfwo6hddd6neid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e6ujsppajgb756x7x5ykdryvlcjynltb52eiwi6pd4bfwo6hddd6neid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2051663165793173662"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c4da8ea-4d4a-5579-bcde-8e271465338a","created":"2026-05-05T13:59:00.000Z","modified":"2026-05-05T13:59:00.000Z","valid_from":"2026-05-05T13:59:00.000Z","name":"https://e6ujsppajgb756x7x5ykdryvlcjynltb52eiwi6pd4bfwo6hddd6neid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e6ujsppajgb756x7x5ykdryvlcjynltb52eiwi6pd4bfwo6hddd6neid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2051663165793173662"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69477752-c3f8-55f9-8f24-9dc3e670fede","created":"2026-05-05T14:00:00.000Z","modified":"2026-05-05T14:00:00.000Z","valid_from":"2026-05-05T14:00:00.000Z","name":"homegencatcatdepartament.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'homegencatcatdepartament.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051663239046455410"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82b06ed1-c3d9-51ec-ae0d-b57f101df51a","created":"2026-05-05T14:00:00.000Z","modified":"2026-05-05T14:00:00.000Z","valid_from":"2026-05-05T14:00:00.000Z","name":"https://homegencatcatdepartament.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://homegencatcatdepartament.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051663239046455410"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93e2a5e3-0f8b-5a98-ac63-71af0cc40edb","created":"2026-05-05T14:18:00.000Z","modified":"2026-05-05T14:18:00.000Z","valid_from":"2026-05-05T14:18:00.000Z","name":"blockterralab.com","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'blockterralab.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2051667828928086143"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4967456e-581a-53d8-b028-d05bceba6ed4","created":"2026-05-05T14:18:00.000Z","modified":"2026-05-05T14:18:00.000Z","valid_from":"2026-05-05T14:18:00.000Z","name":"http://blockterralab.com","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://blockterralab.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2051667828928086143"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--421da6e5-90c5-5149-9476-bf6f155071fd","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"09a5ca7673f3734f8987b2b4d69255ffaa05cd2e77cf2d6f72a2d6a3c91139fb","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '09a5ca7673f3734f8987b2b4d69255ffaa05cd2e77cf2d6f72a2d6a3c91139fb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7eef95ad-5e98-5a8a-a57f-eca48d15a8cb","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"52591fc20b01ab714543e97b4fcbcfad630d50a4725d98da6f11e9bd5b1cf5bb","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '52591fc20b01ab714543e97b4fcbcfad630d50a4725d98da6f11e9bd5b1cf5bb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--19b3b3d7-34e7-57b5-a2ee-2fde2e441c39","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"1f280d67ff50607e1435b1c10f67c633d681801bcad0d8870128b3698c10634d","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '1f280d67ff50607e1435b1c10f67c633d681801bcad0d8870128b3698c10634d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--28284714-9a95-5170-828b-86e74b9075ce","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"64035e86735d0c01e0eb0862def6a48f012ec0a8e701874092ee1506ab65d273","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '64035e86735d0c01e0eb0862def6a48f012ec0a8e701874092ee1506ab65d273']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a7cf9ef-60dc-57ca-98e5-7086f2e4b01e","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"65b2956b1f1f26136b692d91de8ad98d6590b7f5b94d0acc88bbc61f8228a579","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '65b2956b1f1f26136b692d91de8ad98d6590b7f5b94d0acc88bbc61f8228a579']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6c57d57-3c00-5666-817e-c758b6264193","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"740025dd6d222bc08b925692a6ef3bd5af86ecd030a8e8cef68b09f5da761fb2","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '740025dd6d222bc08b925692a6ef3bd5af86ecd030a8e8cef68b09f5da761fb2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5c0b529-845c-57f7-8786-2a3df6ff5dfa","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"79c2d06072e004639ea3b27c405d5cbb50a0af3531b743521c2b4a42557cc26f","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '79c2d06072e004639ea3b27c405d5cbb50a0af3531b743521c2b4a42557cc26f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--07bab62c-0ef7-561d-99cc-94b22c6305b3","created":"2026-05-05T14:41:00.000Z","modified":"2026-05-05T14:41:00.000Z","valid_from":"2026-05-05T14:41:00.000Z","name":"079842b1c4fae65b5c6af3e75a7305a263865cd033696a5a2fe7ea707e0c3d71","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '079842b1c4fae65b5c6af3e75a7305a263865cd033696a5a2fe7ea707e0c3d71']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051673729470480623"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d278df3a-1e8a-50cc-901d-dbd5816ff8c1","created":"2026-05-05T15:04:00.000Z","modified":"2026-05-05T15:04:00.000Z","valid_from":"2026-05-05T15:04:00.000Z","name":"http://216.126.237.71","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://216.126.237.71']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2051679529484390406"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--463b0fe9-3234-5764-9ec6-88127c6411f5","created":"2026-05-05T15:04:00.000Z","modified":"2026-05-05T15:04:00.000Z","valid_from":"2026-05-05T15:04:00.000Z","name":"216.126.237.71","description":"IOC reported by @banthisguy9349 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '216.126.237.71']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/banthisguy9349/status/2051679529484390406"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ceb617dd-7c49-56ac-be6d-0a302eb39392","created":"2026-05-05T16:00:00.000Z","modified":"2026-05-05T16:00:00.000Z","valid_from":"2026-05-05T16:00:00.000Z","name":"site-ptpssooma.godaddysites.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'site-ptpssooma.godaddysites.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051693455202468237"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34939ff8-33f0-5da8-89bc-0bad10c2424c","created":"2026-05-05T16:00:00.000Z","modified":"2026-05-05T16:00:00.000Z","valid_from":"2026-05-05T16:00:00.000Z","name":"http://www.site-ptpssooma.godaddysites.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://www.site-ptpssooma.godaddysites.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051693455202468237"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0e78528-908d-5eff-97cc-c986d16b6100","created":"2026-05-05T16:20:00.000Z","modified":"2026-05-05T16:20:00.000Z","valid_from":"2026-05-05T16:20:00.000Z","name":"38.180.107.76","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.180.107.76']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051698438522188158"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f3504dc-c6b7-5ca4-870c-c0c356cc7a08","created":"2026-05-05T16:20:00.000Z","modified":"2026-05-05T16:20:00.000Z","valid_from":"2026-05-05T16:20:00.000Z","name":"update.daemontools.cc","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'update.daemontools.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051698438522188158"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3e0316d-a210-54d7-b316-8835e1191719","created":"2026-05-05T16:20:00.000Z","modified":"2026-05-05T16:20:00.000Z","valid_from":"2026-05-05T16:20:00.000Z","name":"http://update.daemontools.cc","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://update.daemontools.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051698438522188158"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a610ea20-82e3-5feb-ba36-4d7a5d4f8126","created":"2026-05-05T16:20:00.000Z","modified":"2026-05-05T16:20:00.000Z","valid_from":"2026-05-05T16:20:00.000Z","name":"daemontools.cc","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'daemontools.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051698438522188158"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--afd801a0-b87e-58dc-b0f4-30038aa2f4cd","created":"2026-05-05T17:11:00.000Z","modified":"2026-05-05T17:11:00.000Z","valid_from":"2026-05-05T17:11:00.000Z","name":"softpeak.live","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'softpeak.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051711391824826810"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--50282062-6df7-5002-9183-4c7988d6aa87","created":"2026-05-05T17:11:00.000Z","modified":"2026-05-05T17:11:00.000Z","valid_from":"2026-05-05T17:11:00.000Z","name":"https://softpeak.live/install/install_23.exe","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://softpeak.live/install/install_23.exe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051711391824826810"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5eea588-668d-5bd3-b54c-4b7593397af6","created":"2026-05-05T17:12:00.000Z","modified":"2026-05-05T17:12:00.000Z","valid_from":"2026-05-05T17:12:00.000Z","name":"http://81.71.155.121","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://81.71.155.121']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051711724219482169"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea6e57b7-3672-5a20-9bdc-7d61fb15fe52","created":"2026-05-05T17:12:00.000Z","modified":"2026-05-05T17:12:00.000Z","valid_from":"2026-05-05T17:12:00.000Z","name":"81.71.155.121","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '81.71.155.121']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051711724219482169"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--697d4503-fc7b-5a5f-9674-584982e94aa0","created":"2026-05-05T17:15:00.000Z","modified":"2026-05-05T17:15:00.000Z","valid_from":"2026-05-05T17:15:00.000Z","name":"http://178.16.55.231:8080","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://178.16.55.231:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051712342187254035"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc6bbb0a-edf3-578c-9df2-c8f3947cef7b","created":"2026-05-05T17:15:00.000Z","modified":"2026-05-05T17:15:00.000Z","valid_from":"2026-05-05T17:15:00.000Z","name":"178.16.55.231","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.16.55.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051712342187254035"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aee9e9a2-c04b-53a4-9f74-e8ef8218a307","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"loginacstrasbourgfrdpprofileo0cauthorize1executione1e77.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'loginacstrasbourgfrdpprofileo0cauthorize1executione1e77.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051723655986475068"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3055b64e-25a3-5ead-b0d5-3b7b2e9936b6","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"https://loginacstrasbourgfrdpprofileo0cauthorize1executione1e77.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://loginacstrasbourgfrdpprofileo0cauthorize1executione1e77.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051723655986475068"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fa5d13a-136d-5e8e-ac90-78a108089c7e","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"nid-naverjqs.serveftp.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-naverjqs.serveftp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2051723620066673114"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b758abe3-4a0a-5937-9f41-b8133ce1d025","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"http://nid-naverjqs.serveftp.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-naverjqs.serveftp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2051723620066673114"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb6d949-690e-570f-9326-f47d4e3ea1f8","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"http://27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2051723620066673114"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41e64fd-bb60-5e1c-a8ea-f62b098b645e","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2051723620066673114"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a12099d3-4f41-516a-a8ae-b5bbf4bf2609","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"b09b8f1ca9864f2b896884ec80334a9c8b4f7bae18d060a990755796158205db","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'b09b8f1ca9864f2b896884ec80334a9c8b4f7bae18d060a990755796158205db']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2051723802002788439"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--22da09a9-b5d8-5a61-b035-e29c7964aab0","created":"2026-05-05T18:00:00.000Z","modified":"2026-05-05T18:00:00.000Z","valid_from":"2026-05-05T18:00:00.000Z","name":"f1643d0c321c10fc8f6de4b33dd4c80b2323372209ea131a420fca7373bd4c34","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f1643d0c321c10fc8f6de4b33dd4c80b2323372209ea131a420fca7373bd4c34']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2051723802002788439"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1c21b43-afe9-5370-a3bc-362113c366d1","created":"2026-05-05T18:14:00.000Z","modified":"2026-05-05T18:14:00.000Z","valid_from":"2026-05-05T18:14:00.000Z","name":"ncafe-article.media","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-article.media']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051727363067539880"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5668ac67-3d2c-5c9c-b41f-c413d475720a","created":"2026-05-05T18:14:00.000Z","modified":"2026-05-05T18:14:00.000Z","valid_from":"2026-05-05T18:14:00.000Z","name":"http://ncafe-article.media","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-article.media']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051727363067539880"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--598ae24b-c602-57ed-a067-6c8d78f00412","created":"2026-05-05T18:14:00.000Z","modified":"2026-05-05T18:14:00.000Z","valid_from":"2026-05-05T18:14:00.000Z","name":"http://\ub85c\uadf8\uc778ncafe-article.media","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://\ub85c\uadf8\uc778ncafe-article.media']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051727363067539880"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7720ce11-f774-5772-a2e7-54ed0c91414d","created":"2026-05-05T18:16:00.000Z","modified":"2026-05-05T18:16:00.000Z","valid_from":"2026-05-05T18:16:00.000Z","name":"http://ncafe-article.media/view/482915","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-article.media/view/482915']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051727661416784206"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--63356bd4-520e-5eb9-b57f-15003ee2b999","created":"2026-05-05T18:17:00.000Z","modified":"2026-05-05T18:17:00.000Z","valid_from":"2026-05-05T18:17:00.000Z","name":"http://47.236.95.106","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://47.236.95.106']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051727878669337047"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68e2e949-34d2-5833-bf46-424097d9a1ee","created":"2026-05-05T18:17:00.000Z","modified":"2026-05-05T18:17:00.000Z","valid_from":"2026-05-05T18:17:00.000Z","name":"47.236.95.106","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.236.95.106']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051727878669337047"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65af9d1c-8113-5a0e-a5b4-94d7c92afa25","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafe-postread.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-postread.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53d460ca-5501-5683-8c19-dff484a45532","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafe-postread.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-postread.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--792c9331-b29b-5a5c-bf24-95d01d549d5a","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"caferead-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'caferead-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b345135-4c86-5441-9aa5-3b9da68a9b81","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://caferead-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://caferead-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94157c34-4b4a-5e71-b12c-598f6a16653f","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"nhnarticle-cafe.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhnarticle-cafe.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3dce5746-9b6b-58ce-a8e8-2b0a5e33a28c","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://nhnarticle-cafe.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhnarticle-cafe.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3011be07-86a4-5025-a87c-8e546ece8a48","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"nhn-cafeview.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhn-cafeview.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5532b028-e327-5584-a2fd-4e168c924bb4","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://nhn-cafeview.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhn-cafeview.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3f52751-59ea-536d-921b-3f77443e8f3e","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"cafeview-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cafeview-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--507456ca-f630-521f-b763-0fad971701da","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://cafeview-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cafeview-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d703a95-86e4-5c02-ada4-f3aceb2a2c55","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"nhhposts-cafe.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhhposts-cafe.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9692322-cae6-55c5-99cb-52014e3c4519","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://nhhposts-cafe.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhhposts-cafe.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b769ae0d-9839-5904-865a-47e6e4e8e77e","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"cafeposts-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cafeposts-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f16d9f0-5485-5869-9574-e4025edfc3ff","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://cafeposts-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cafeposts-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ddf0aa3-c9bc-59b5-80d7-1ffaacd2b428","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"cafepost-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cafepost-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfe53cbe-2418-5380-ba34-a7849faa8cab","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://cafepost-nhn.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cafepost-nhn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--178321fb-7b37-50c6-a3b4-53e2f2a34bdd","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"nhhpost-cafe.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhhpost-cafe.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f524468-895d-5efa-b67b-35ab83cd3bba","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://nhhpost-cafe.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhhpost-cafe.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65008e04-0095-5acd-8f95-5ca1a219977e","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafe-posts.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-posts.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f55b322-0cf7-5c73-b79f-a18d8f8556de","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafe-posts.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-posts.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03551350-838c-52e3-b512-7933b081f3d1","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafe-articles.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-articles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98d336d2-570d-5f76-974d-575dd0b8ad0e","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafe-articles.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-articles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5e30b7f-c6e0-55a9-b62c-a9817e4747b4","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"nhncafe-read.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhncafe-read.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b36f5b7-8462-5e99-99a2-ee0bb8bb3e59","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://nhncafe-read.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhncafe-read.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f3eaac4-8268-5054-884b-53f3aa4075a3","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"cafe-nhnview.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cafe-nhnview.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f5ec11f-908e-54c1-a83c-96f5324fa797","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://cafe-nhnview.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cafe-nhnview.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f942f9e0-c878-58d9-92f8-c6b1199db586","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"nhncafe-view.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhncafe-view.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c43e2734-e125-532e-a7d0-e2571f92f967","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://nhncafe-view.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhncafe-view.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--621d9708-4e9c-5937-a81f-961cffbcef87","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafe-articleviewer.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-articleviewer.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02fe84dd-8e3f-5610-99f4-ae449119996d","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafe-articleviewer.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-articleviewer.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--589e1941-eb40-5f72-8789-8a6ca07567e0","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafearticles-viewer.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafearticles-viewer.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72d22b6d-4485-565c-bf0c-440b0d912cad","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafearticles-viewer.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafearticles-viewer.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a430cde-5894-5314-a6db-986bc7bb484a","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafe-viewarticle.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-viewarticle.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b05dc07-b08a-5f5f-9542-55e2567f1824","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafe-viewarticle.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-viewarticle.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--417a7a98-d228-5bd7-92b4-f83cb4f016c7","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafe-readarticles.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-readarticles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a1fd557-63b4-5792-9883-0a8141e30a5a","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafe-readarticles.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-readarticles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc1936f9-52c5-5ac2-90a8-742a95f07198","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"nhn-cafearticle.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhn-cafearticle.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ce8d038-9980-5a28-ae64-3f7f0d166a30","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://nhn-cafearticle.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhn-cafearticle.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0ab856f-9b8f-5a71-aa75-2aee66871a88","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"ncafe-articleview.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ncafe-articleview.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8c2c86e-2a7f-5b5d-8867-0931755a8e18","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"http://ncafe-articleview.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ncafe-articleview.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f49d9f8-865f-50fa-be23-ecff921ab7dd","created":"2026-05-05T18:24:00.000Z","modified":"2026-05-05T18:24:00.000Z","valid_from":"2026-05-05T18:24:00.000Z","name":"\ub85c\uadf8\uc778ncafe-article.media","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '\ub85c\uadf8\uc778ncafe-article.media']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051729851124469836"}],"labels":["DPRK","Kimsuky","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37884ee6-19c9-5c30-8994-14beeeef148a","created":"2026-05-05T19:24:00.000Z","modified":"2026-05-05T19:24:00.000Z","valid_from":"2026-05-05T19:24:00.000Z","name":"yasx.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yasx.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051744915768365066"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6b564e7-e2ed-5518-907f-874aa9ff9cf3","created":"2026-05-05T19:24:00.000Z","modified":"2026-05-05T19:24:00.000Z","valid_from":"2026-05-05T19:24:00.000Z","name":"http://yasx.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://yasx.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051744915768365066"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--35b4505e-3f12-5afd-aa7a-ca41ec3a4f0a","created":"2026-05-05T19:24:00.000Z","modified":"2026-05-05T19:24:00.000Z","valid_from":"2026-05-05T19:24:00.000Z","name":"51.36.170.18","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '51.36.170.18']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051744915768365066"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce74abfb-181c-5724-b119-59a8650c19c0","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"graph.org","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'graph.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2051753310353592652"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff1a293f-a71c-5e0b-81e6-2d8668e28f54","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"http://graph.org/BALANCE-3682444-USD-04-21-6","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/BALANCE-3682444-USD-04-21-6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2051753310353592652"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3f18a29-735f-5fe5-bc98-c24d3e03540a","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"121hiu.senes.at","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '121hiu.senes.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2051753310353592652"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a5ca5fa-466c-5d6d-9c3d-3f135c96761c","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"http://121hiu.senes.at/stakings/","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://121hiu.senes.at/stakings/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2051753310353592652"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83b6f403-4f53-589f-b7fa-5f3b3d436460","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"http://121hiu.senes.at/stakings/signup.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://121hiu.senes.at/stakings/signup.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2051753310353592652"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66b19c7b-b399-59c1-96d3-c2de362b3ffe","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"http://121hiu.senes.at/stakings/cab397sk.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://121hiu.senes.at/stakings/cab397sk.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2051753310353592652"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca194cbf-04cf-5856-90cc-cf761ba405ee","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"5d40c757c85814b86733d66ffc9e325b1007ac98513a20ea13a871c6964f5ba4","description":"IOC reported by @osint_barbie on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5d40c757c85814b86733d66ffc9e325b1007ac98513a20ea13a871c6964f5ba4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/osint_barbie/status/2051753352372093363"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68fe04a3-6921-5006-b4d5-c83d50dc96a7","created":"2026-05-05T19:58:00.000Z","modified":"2026-05-05T19:58:00.000Z","valid_from":"2026-05-05T19:58:00.000Z","name":"http://graph.org/BALANCE-3682444-USD-04-21-6redirects","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://graph.org/BALANCE-3682444-USD-04-21-6redirects']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2051753310353592652"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92bde22f-82d8-5f67-b85f-3719e174d6f8","created":"2026-05-05T20:00:00.000Z","modified":"2026-05-05T20:00:00.000Z","valid_from":"2026-05-05T20:00:00.000Z","name":"ni30kushwaha563.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ni30kushwaha563.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051753839477363115"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--431c6b76-e10c-5dbc-acdb-706fd4480ff4","created":"2026-05-05T20:00:00.000Z","modified":"2026-05-05T20:00:00.000Z","valid_from":"2026-05-05T20:00:00.000Z","name":"https://ni30kushwaha563.github.io/Netflix-Clone/","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ni30kushwaha563.github.io/Netflix-Clone/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051753839477363115"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8618d09e-1954-5e1c-bf7d-3eb58ea0e195","created":"2026-05-05T20:05:00.000Z","modified":"2026-05-05T20:05:00.000Z","valid_from":"2026-05-05T20:05:00.000Z","name":"c4a25e2cbb0b23e0fc257108152e77f0ccaea3031579203fa21d54c8c12ab28e","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c4a25e2cbb0b23e0fc257108152e77f0ccaea3031579203fa21d54c8c12ab28e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051755308435849301"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6d12b7a-e3c0-5552-9b39-42e3c18bf796","created":"2026-05-05T20:06:00.000Z","modified":"2026-05-05T20:06:00.000Z","valid_from":"2026-05-05T20:06:00.000Z","name":"michigansos.due-mihf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'michigansos.due-mihf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051755378061222214"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dcb57a4b-771a-5bda-bc2f-62e4f762a1af","created":"2026-05-05T20:06:00.000Z","modified":"2026-05-05T20:06:00.000Z","valid_from":"2026-05-05T20:06:00.000Z","name":"http://michigansos.due-mihf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://michigansos.due-mihf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051755378061222214"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a31cca7-51a8-5a09-b95e-ac96790246dc","created":"2026-05-05T20:16:00.000Z","modified":"2026-05-05T20:16:00.000Z","valid_from":"2026-05-05T20:16:00.000Z","name":"03e15ea608e25202c41fef5ec95f010b5bfcdaee638170ae8ce86ecc3c5fd615","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '03e15ea608e25202c41fef5ec95f010b5bfcdaee638170ae8ce86ecc3c5fd615']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051757877803589982"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--edde390a-ba22-5a43-a695-012869bfdaa6","created":"2026-05-05T21:11:00.000Z","modified":"2026-05-05T21:11:00.000Z","valid_from":"2026-05-05T21:11:00.000Z","name":"12.5.0.242","description":"IOC reported by @Xploitzone_01 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '12.5.0.242']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Xploitzone_01/status/2051771723167474042"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6939c80-6dea-5e0a-8d6c-b61c5d326cde","created":"2026-05-05T21:21:00.000Z","modified":"2026-05-05T21:21:00.000Z","valid_from":"2026-05-05T21:21:00.000Z","name":"qr.paps.jp","description":"IOC reported by @v4ensics on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qr.paps.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/v4ensics/status/2051774404581880104"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--103a41e6-d6b4-5bab-ad97-49932a273134","created":"2026-05-05T21:21:00.000Z","modified":"2026-05-05T21:21:00.000Z","valid_from":"2026-05-05T21:21:00.000Z","name":"http://qr.paps.jp/AMo2a","description":"IOC reported by @v4ensics on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://qr.paps.jp/AMo2a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/v4ensics/status/2051774404581880104"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9909a0f0-5391-5cc5-9b55-3930fa33e627","created":"2026-05-05T21:21:00.000Z","modified":"2026-05-05T21:21:00.000Z","valid_from":"2026-05-05T21:21:00.000Z","name":"ln.run","description":"IOC reported by @v4ensics on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ln.run']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/v4ensics/status/2051774404581880104"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d7840d9-74f6-5068-9ddb-695f0a7ce0cd","created":"2026-05-05T21:21:00.000Z","modified":"2026-05-05T21:21:00.000Z","valid_from":"2026-05-05T21:21:00.000Z","name":"http://ln.run/YBt6C","description":"IOC reported by @v4ensics on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ln.run/YBt6C']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/v4ensics/status/2051774404581880104"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1162588-b760-5f98-856b-5361dbd2bb13","created":"2026-05-05T21:21:00.000Z","modified":"2026-05-05T21:21:00.000Z","valid_from":"2026-05-05T21:21:00.000Z","name":"invoinec-fudge-5e9398.netlify.app","description":"IOC reported by @v4ensics on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoinec-fudge-5e9398.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/v4ensics/status/2051774404581880104"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8005c1fc-34df-5c5f-85db-bee553e38494","created":"2026-05-05T21:21:00.000Z","modified":"2026-05-05T21:21:00.000Z","valid_from":"2026-05-05T21:21:00.000Z","name":"http://invoinec-fudge-5e9398.netlify.app","description":"IOC reported by @v4ensics on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoinec-fudge-5e9398.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/v4ensics/status/2051774404581880104"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0627b62b-33fc-580b-ade5-91c0a321789e","created":"2026-05-05T21:26:00.000Z","modified":"2026-05-05T21:26:00.000Z","valid_from":"2026-05-05T21:26:00.000Z","name":"9.9.9.10","description":"IOC reported by @moritz_knorr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '9.9.9.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/moritz_knorr/status/2051775525719327152"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--02b0c821-f056-5b7e-b4c2-798162041d42","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"64.95.10.14","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '64.95.10.14']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--78bec66e-1ac1-52d9-8644-38c5d613aed1","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"fc146e0907d2c1f182f01bb7417c9e4b1b9854395fa267c1093b4f5a0f7f526c","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'fc146e0907d2c1f182f01bb7417c9e4b1b9854395fa267c1093b4f5a0f7f526c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e369f7fc-2622-5767-a0d3-e61028f81ed6","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"aeb1cca563df283b3d4065e601f0ac053559f20c681eb70ded38717c1fc259a9","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'aeb1cca563df283b3d4065e601f0ac053559f20c681eb70ded38717c1fc259a9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0becdfc4-7ec1-5abd-aa55-65706141d80f","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"d0f5e98fb840fb5656d3f50613b6f1ec60e57392643159841bc1fa95396087a4","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd0f5e98fb840fb5656d3f50613b6f1ec60e57392643159841bc1fa95396087a4']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5be976e2-1c77-557a-81ba-05494edc1aae","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"45.61.136.94","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.61.136.94']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8aba8bf-7333-54f6-848c-12fc7aaac3a2","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"64.95.12.238","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '64.95.12.238']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6346c5c0-e8c5-5965-8fa8-009b3af1c9db","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"162.33.179.149","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '162.33.179.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--492e8266-ca65-5600-b7ca-d8cba57543d4","created":"2026-05-05T21:46:00.000Z","modified":"2026-05-05T21:46:00.000Z","valid_from":"2026-05-05T21:46:00.000Z","name":"64.95.13.76","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '64.95.13.76']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2051780533823139928"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--78fac00e-fdff-5d59-89cf-9bef9fe38679","created":"2026-05-05T22:00:00.000Z","modified":"2026-05-05T22:00:00.000Z","valid_from":"2026-05-05T22:00:00.000Z","name":"netflix-clone-coral-eight.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netflix-clone-coral-eight.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051784046645019025"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0452e50f-827d-5323-ab1b-da499028d24a","created":"2026-05-05T22:00:00.000Z","modified":"2026-05-05T22:00:00.000Z","valid_from":"2026-05-05T22:00:00.000Z","name":"http://netflix-clone-coral-eight.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://netflix-clone-coral-eight.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2051784046645019025"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a30d2811-d5f3-5885-a152-6240efc801e8","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"cocoscapital.top","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cocoscapital.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78b2598f-9adc-5a52-8b08-bdcbb31eff29","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"https://cocoscapital.top","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cocoscapital.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0df4cb9f-0937-582a-b905-889605c8ed3b","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"idreportinfo.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'idreportinfo.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84be8b2d-6741-5e89-b1fc-7b93c77ba0b4","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"https://idreportinfo.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://idreportinfo.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0933bdbc-2089-5c7a-8e2f-4df812ce62b0","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"playstorejadlog.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'playstorejadlog.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d503b722-c546-54ab-83e1-4a10d68a7bf5","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"https://playstorejadlog.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://playstorejadlog.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2828960-b705-53ea-abc7-df8cd3e613cd","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"mayorista-panini.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mayorista-panini.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2375cc0-123c-5d71-a61c-28ba7526ed89","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"https://mayorista-panini.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mayorista-panini.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7acfcbd-fce5-531f-b174-634814881505","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"figurinhascopa-panini2026.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'figurinhascopa-panini2026.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8fd035d-0c27-5c89-ae85-2eaa699ff04d","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"https://figurinhascopa-panini2026.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://figurinhascopa-panini2026.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59ff0ed4-6bf5-5e7f-a45b-acb59f1d086e","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"albumdacopa.store","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'albumdacopa.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21b0ec9c-a7db-51d9-8b15-1a1c159c58b5","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"https://albumdacopa.store","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://albumdacopa.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3db5c0e4-671b-5d58-b260-602f93f827c2","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"panini-pt.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'panini-pt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3d6c698-2beb-5aa2-bd5d-96a8dd9d20ab","created":"2026-05-05T22:21:00.000Z","modified":"2026-05-05T22:21:00.000Z","valid_from":"2026-05-05T22:21:00.000Z","name":"https://panini-pt.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://panini-pt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2051789284219273219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9a75741-e2a3-5729-8f80-5485d105ca40","created":"2026-05-06T00:55:00.000Z","modified":"2026-05-06T00:55:00.000Z","valid_from":"2026-05-06T00:55:00.000Z","name":"zamknj.xagnnx.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zamknj.xagnnx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051828114934972630"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15b42b24-f15f-56ac-a4b3-fdf01ae08d91","created":"2026-05-06T00:55:00.000Z","modified":"2026-05-06T00:55:00.000Z","valid_from":"2026-05-06T00:55:00.000Z","name":"https://zamknj.xagnnx.cn/gpajp/accunt/lginox/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zamknj.xagnnx.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051828114934972630"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d79c4ac-4e12-54d2-ae4a-59f827e5dfa3","created":"2026-05-06T01:05:00.000Z","modified":"2026-05-06T01:05:00.000Z","valid_from":"2026-05-06T01:05:00.000Z","name":"ugKsiWBMC9NC.extinct-attractions-club.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ugKsiWBMC9NC.extinct-attractions-club.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051830617848107245"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a388251-6f50-5bf8-aa59-4e7b2f98a836","created":"2026-05-06T01:05:00.000Z","modified":"2026-05-06T01:05:00.000Z","valid_from":"2026-05-06T01:05:00.000Z","name":"https://ugKsiWBMC9NC.extinct-attractions-club.com/?e=<","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ugKsiWBMC9NC.extinct-attractions-club.com/?e=<']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051830617848107245"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--129fea57-7a86-5627-9de9-92809a5d3446","created":"2026-05-06T01:54:00.000Z","modified":"2026-05-06T01:54:00.000Z","valid_from":"2026-05-06T01:54:00.000Z","name":"t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2051842888733192200"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--38635d2a-568a-5986-8b0d-add15db5c451","created":"2026-05-06T01:54:00.000Z","modified":"2026-05-06T01:54:00.000Z","valid_from":"2026-05-06T01:54:00.000Z","name":"http://t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2051842888733192200"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d115df0-f6fc-54f4-a990-ee7ce226f6d9","created":"2026-05-06T02:14:00.000Z","modified":"2026-05-06T02:14:00.000Z","valid_from":"2026-05-06T02:14:00.000Z","name":"ochenbistro.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ochenbistro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051848164626579666"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d30f57a-2124-57ff-b186-0296b5b3d26a","created":"2026-05-06T02:14:00.000Z","modified":"2026-05-06T02:14:00.000Z","valid_from":"2026-05-06T02:14:00.000Z","name":"http://ochenbistro.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ochenbistro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2051848164626579666"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed730bc9-4224-5569-abdc-5cc164ec634d","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://85.137.249.224:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://85.137.249.224:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7772137-3771-5781-be7c-a97f2e594cee","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://85.137.249.243:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://85.137.249.243:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c79a394-794f-5f88-8baf-20fd21186c82","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://193.233.244.243:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.233.244.243:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5e402c1-3981-5c39-8154-c69bc1975408","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://45.90.97.211:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.90.97.211:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bafa4d1-24ab-58b1-9505-32c7d941dbea","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://87.120.244.90:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://87.120.244.90:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4788394b-452a-5471-9327-601b28e32f7b","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://87.120.244.206:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://87.120.244.206:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ad14c5f-4f28-5299-8313-93ff93b9e767","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://45.155.54.113:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.155.54.113:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a24d5648-3db9-5c91-8d07-929c58fa8e0c","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://46.253.4.33:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://46.253.4.33:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bc4caea-c2ec-5a5f-8127-b0beab9042fe","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://45.155.54.123:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.155.54.123:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e19a9696-f148-517e-90c0-5410deac401f","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://45.155.54.253:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.155.54.253:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb685a92-9beb-5ffc-a112-efaa1d4a3eca","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://45.155.54.22:8080","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.155.54.22:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e894761-c634-5a34-ab3a-a218a51e3b5e","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"chuchuchacha.shop","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chuchuchacha.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e3d2a91-f978-5dc9-8363-90f7c01830f9","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://chuchuchacha.shop","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chuchuchacha.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--deb145d4-9e6f-595b-b8d9-ce742fd6a420","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"chuchuchacha.xyz","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chuchuchacha.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a79efbb1-2c9a-5a3c-badf-97443b8a6efc","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://chuchuchacha.xyz","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chuchuchacha.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5e85464-e298-5662-b753-58bafa876c28","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"chuchuchachawin.bond","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chuchuchachawin.bond']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6021a844-2c0d-5717-9cd1-ea51e6909e4b","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://chuchuchachawin.bond","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chuchuchachawin.bond']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65136328-97e8-52b8-8d91-b67a41ebd3ea","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"chuchuchachawin.sbs","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chuchuchachawin.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0bd8f5e-0005-5c3f-8704-bafee91ce8f1","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://chuchuchachawin.sbs","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chuchuchachawin.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25aead9c-3167-5d94-bd0b-ac15cfca34bd","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"echs.online","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'echs.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4fbb4d9-0cf2-5355-85f7-f819bcc667b3","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://echs.online","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://echs.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1139c87-c932-58f3-bed8-7f79223c441e","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"forwindowstesting.site","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'forwindowstesting.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b04b2051-e0bd-58cb-b8a1-33a7e8647c87","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://forwindowstesting.site","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://forwindowstesting.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b5e9cb4-68bf-51bf-8610-d8b9b46e56d8","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"forwindowstesting.space","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'forwindowstesting.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab6ebe59-cde7-5aa4-9674-4933e14bd677","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://forwindowstesting.space","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://forwindowstesting.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e8408a0-1abe-5ed9-a73b-fea3b12ece63","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"ftp.czwaluk.de","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ftp.czwaluk.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9db3a2e5-76f9-5c50-b8c2-1240b8a470d7","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://ftp.czwaluk.de","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ftp.czwaluk.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9713a6a0-f8c7-5598-a6de-65bfd5b83c27","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"makiinindia.online","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'makiinindia.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--79c6f2a5-86c1-5be2-8a5f-3c033268768f","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://makiinindia.online","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://makiinindia.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97099fb2-7c0f-5594-b1aa-67c3f9bcd4f7","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"makiinindia.xyz","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'makiinindia.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de57ab15-f58d-549e-87fc-0fd07ebf343b","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://makiinindia.xyz","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://makiinindia.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cb88839-8ec5-5c68-8733-9cff50d0304a","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"vayusena.store","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vayusena.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50f59ec5-83d3-5476-bf76-095bc3210be9","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://vayusena.store","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vayusena.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51e53a85-338b-573b-9f01-0fd307463d51","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"vayusena.online","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vayusena.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03e89274-1cf6-5e52-8008-83d23f1b57a5","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://vayusena.online","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vayusena.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--949b5e43-3703-54f8-9e07-f8c30d370d0d","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"vdsd.whypay.info","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vdsd.whypay.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57a22e14-0894-5e2d-ac3c-ed5efbf4fd6b","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"http://vdsd.whypay.info","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vdsd.whypay.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc346e59-4043-5de4-8f7c-eedbce54038c","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"85.137.249.224","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.137.249.224']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0886feaa-4d16-529e-b6dd-4f3ea26e973b","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"85.137.249.243","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.137.249.243']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5720fb42-b0e8-5f7d-8a50-a587901bc43a","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"193.233.244.243","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.233.244.243']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d946f0a-9c91-569e-88b3-71872e63e08d","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"45.90.97.211","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.90.97.211']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b12da1e-29b3-5588-9fcc-5d4dbe8b327b","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"87.120.244.90","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '87.120.244.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--053dfc3c-25e1-582b-9df5-0da01cbedeac","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"87.120.244.206","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '87.120.244.206']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--baa536c0-42a3-572d-b897-514b2206584f","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"45.155.54.113","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.155.54.113']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--129b76d1-e8f0-5af4-a767-cde2abed6f17","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"46.253.4.33","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '46.253.4.33']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0068e8b9-e60c-58ab-b353-de9fbbc27a41","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"45.155.54.123","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.155.54.123']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72ca3088-a2c4-5779-83f1-949ec8d84f42","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"45.155.54.253","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.155.54.253']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3375d139-eab9-5730-b8ea-994d2e25ebf8","created":"2026-05-06T03:48:00.000Z","modified":"2026-05-06T03:48:00.000Z","valid_from":"2026-05-06T03:48:00.000Z","name":"45.155.54.22","description":"IOC reported by @Cyberteam008 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.155.54.22']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Cyberteam008/status/2051871665496412608"}],"labels":["APT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fdab1686-0592-5619-9ef3-0ed42586961b","created":"2026-05-06T03:53:00.000Z","modified":"2026-05-06T03:53:00.000Z","valid_from":"2026-05-06T03:53:00.000Z","name":"specialme.pages.dev","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'specialme.pages.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2051873005555581185"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--91d2066c-c056-5c2e-adab-e4700f4ea039","created":"2026-05-06T03:53:00.000Z","modified":"2026-05-06T03:53:00.000Z","valid_from":"2026-05-06T03:53:00.000Z","name":"https://specialme.pages.dev/gradient","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://specialme.pages.dev/gradient']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2051873005555581185"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fecd6fbc-2aab-55fa-a30b-39d98d4ced1d","created":"2026-05-06T03:53:00.000Z","modified":"2026-05-06T03:53:00.000Z","valid_from":"2026-05-06T03:53:00.000Z","name":"pub-84967d52dcf9438dad6b39da8e17c5ea.r2.dev","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pub-84967d52dcf9438dad6b39da8e17c5ea.r2.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2051873005555581185"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fc2c612-01c0-560f-9906-385d7e2953ef","created":"2026-05-06T03:53:00.000Z","modified":"2026-05-06T03:53:00.000Z","valid_from":"2026-05-06T03:53:00.000Z","name":"https://pub-84967d52dcf9438dad6b39da8e17c5ea.r2.dev/invitationcard_Ti.msi","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pub-84967d52dcf9438dad6b39da8e17c5ea.r2.dev/invitationcard_Ti.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2051873005555581185"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0af3c6f9-a775-5d9d-87e1-7f2be1036299","created":"2026-05-06T03:53:00.000Z","modified":"2026-05-06T03:53:00.000Z","valid_from":"2026-05-06T03:53:00.000Z","name":"7345df9eaedd6eb0a5e4c15a01d02fa8eb40a674166243853e26a04b55fa2d34","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7345df9eaedd6eb0a5e4c15a01d02fa8eb40a674166243853e26a04b55fa2d34']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2051873005555581185"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6052aa36-039a-5ba0-bc42-6151d34d91a9","created":"2026-05-06T03:54:00.000Z","modified":"2026-05-06T03:54:00.000Z","valid_from":"2026-05-06T03:54:00.000Z","name":"e291ee630a58c405f86ca83d9364bfc3dbf13aecff9000cca4f2602158dac845","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e291ee630a58c405f86ca83d9364bfc3dbf13aecff9000cca4f2602158dac845']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2051873146219934156"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0933bdbc-2089-5c7a-8e2f-4df812ce62b0","created":"2026-05-06T04:07:00.000Z","modified":"2026-05-06T04:07:00.000Z","valid_from":"2026-05-06T04:07:00.000Z","name":"playstorejadlog.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'playstorejadlog.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051876529399795947"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d503b722-c546-54ab-83e1-4a10d68a7bf5","created":"2026-05-06T04:07:00.000Z","modified":"2026-05-06T04:07:00.000Z","valid_from":"2026-05-06T04:07:00.000Z","name":"https://playstorejadlog.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://playstorejadlog.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051876529399795947"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e76e469-bcb3-59d4-9a17-172b15304734","created":"2026-05-06T04:07:00.000Z","modified":"2026-05-06T04:07:00.000Z","valid_from":"2026-05-06T04:07:00.000Z","name":"142.4.193.55","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '142.4.193.55']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2051876529399795947"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b791e3ee-96e4-5d3a-b429-4782b492d8d6","created":"2026-05-06T04:34:00.000Z","modified":"2026-05-06T04:34:00.000Z","valid_from":"2026-05-06T04:34:00.000Z","name":"134.122.73.184","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '134.122.73.184']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051883191242486125"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef70d71a-ee3e-56ef-8508-5db3c9d6dcc4","created":"2026-05-06T04:38:00.000Z","modified":"2026-05-06T04:38:00.000Z","valid_from":"2026-05-06T04:38:00.000Z","name":"104.249.10.115","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.249.10.115']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051884363986669625"}],"labels":["C2","Hookbot"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8787fd71-c8e7-514f-8b26-7a38258fb843","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"domainnamevalidator.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'domainnamevalidator.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4439ebf1-4ee8-55fb-9b6f-b0245c0ebfa9","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"http://domainnamevalidator.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://domainnamevalidator.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fce012bc-c978-557f-994c-4520fb79d18b","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"getserviceupdates.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'getserviceupdates.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c567969e-a825-5bf7-975d-a2a69aa5d58e","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"http://getserviceupdates.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://getserviceupdates.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bad7b51e-358a-5b0a-accf-b636a2e8ba4d","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"fswhardtools.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fswhardtools.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db293803-fa65-519e-ac25-29bbae519fa0","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"http://fswhardtools.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fswhardtools.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee18ef33-1dd1-557e-9d09-5e49b441f484","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"domainregistationcheck.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'domainregistationcheck.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76555bd7-f96c-5be2-90b0-3647ca4fdad0","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"http://domainregistationcheck.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://domainregistationcheck.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d253be5-5657-5bf5-b608-841ad638dd56","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"insdriveupdates-360.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'insdriveupdates-360.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30d0a794-4e26-531c-b1de-71a2c84e049f","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"http://insdriveupdates-360.com","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://insdriveupdates-360.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a9ddb1d-d728-558c-b0b2-e9b63bccf6c4","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"microsoft.gotdns.ch","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'microsoft.gotdns.ch']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d338308f-0685-5729-9343-9a6b64c8fb0e","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"http://microsoft.gotdns.ch","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://microsoft.gotdns.ch']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a87a792c-4546-5ad0-bbaf-bf2d643d6015","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"23f5e51bf6d540553aa88c48480450a8","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '23f5e51bf6d540553aa88c48480450a8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--141c6ec8-5057-5f6d-a9c0-f05af8443a02","created":"2026-05-06T05:10:00.000Z","modified":"2026-05-06T05:10:00.000Z","valid_from":"2026-05-06T05:10:00.000Z","name":"d286d439393bde76b734bd3406628d47","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'd286d439393bde76b734bd3406628d47']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2051892318203175106"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be56f4c9-f651-51fc-b504-6715fc27e83f","created":"2026-05-06T05:41:00.000Z","modified":"2026-05-06T05:41:00.000Z","valid_from":"2026-05-06T05:41:00.000Z","name":"45.77.13.25","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.77.13.25']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051900013144420363"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7dade2e0-1d35-58a4-ad82-85517a75d54d","created":"2026-05-06T05:41:00.000Z","modified":"2026-05-06T05:41:00.000Z","valid_from":"2026-05-06T05:41:00.000Z","name":"103.229.124.225","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '103.229.124.225']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051900013144420363"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b070cf2-371e-55eb-9d76-288408bb9ee2","created":"2026-05-06T06:18:00.000Z","modified":"2026-05-06T06:18:00.000Z","valid_from":"2026-05-06T06:18:00.000Z","name":"bpiaz.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bpiaz.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051909371978752330"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70bd895c-7f10-590f-a8f2-927ee7d9188f","created":"2026-05-06T06:18:00.000Z","modified":"2026-05-06T06:18:00.000Z","valid_from":"2026-05-06T06:18:00.000Z","name":"http://bpiaz.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bpiaz.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051909371978752330"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85d86e8e-6f0a-55f8-9517-ce7f2f9b1dd2","created":"2026-05-06T06:18:00.000Z","modified":"2026-05-06T06:18:00.000Z","valid_from":"2026-05-06T06:18:00.000Z","name":"bpi-vipu.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bpi-vipu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051909371978752330"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d6d9ae4-600d-5a48-8e80-0298f8410998","created":"2026-05-06T06:18:00.000Z","modified":"2026-05-06T06:18:00.000Z","valid_from":"2026-05-06T06:18:00.000Z","name":"http://bpi-vipu.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bpi-vipu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051909371978752330"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd6ec126-3dbd-5da7-92ed-deb54ec411d9","created":"2026-05-06T06:18:00.000Z","modified":"2026-05-06T06:18:00.000Z","valid_from":"2026-05-06T06:18:00.000Z","name":"bpikd.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bpikd.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051909371978752330"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78156300-fbd4-590d-b7a8-4262f4270fd6","created":"2026-05-06T06:18:00.000Z","modified":"2026-05-06T06:18:00.000Z","valid_from":"2026-05-06T06:18:00.000Z","name":"http://bpikd.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bpikd.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2051909371978752330"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66b60f9b-1e7b-5784-9d0f-50c6447eed12","created":"2026-05-06T07:14:00.000Z","modified":"2026-05-06T07:14:00.000Z","valid_from":"2026-05-06T07:14:00.000Z","name":"https://sites.google.com/view/bre-04-05-version","description":"IOC reported by @jo3rg on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sites.google.com/view/bre-04-05-version']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/jo3rg/status/2051923455575015909"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a264d69-5fa4-57ad-a10c-248419194e63","created":"2026-05-06T07:20:00.000Z","modified":"2026-05-06T07:20:00.000Z","valid_from":"2026-05-06T07:20:00.000Z","name":"cpanel.site","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cpanel.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2051924952413036841"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3821fa8f-cd2d-5856-8793-cd65563b3fb1","created":"2026-05-06T07:20:00.000Z","modified":"2026-05-06T07:20:00.000Z","valid_from":"2026-05-06T07:20:00.000Z","name":"http://cpanel.site/wh","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cpanel.site/wh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2051924952413036841"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15ebd559-ee72-59b6-b3e4-e7eaf9affea3","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"pla7ina.cfd","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pla7ina.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1694d5f0-ade9-5e8f-8003-0a3f93f428cb","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"http://pla7ina.cfd","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pla7ina.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a043588d-e7b7-5c60-8aff-2f1742b1c036","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"0x666.info","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '0x666.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3ec8c2c-4714-56ac-b8b9-b145c5d664ed","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"http://0x666.info","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://0x666.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03fc88ba-7c88-56b8-9be3-a74801ce6553","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"honestly.ink","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'honestly.ink']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c93df32-c070-591b-9690-890387c1176c","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"http://honestly.ink","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://honestly.ink']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae22b266-1cfe-5606-ba02-1201e0fb1562","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"http://t.me/ax03bot","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t.me/ax03bot']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f1c4efb-42d3-5cbc-a478-216beb043fa5","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"acvgste.club","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'acvgste.club']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--219bbafd-1126-58e2-9173-d92fd3d406a0","created":"2026-05-06T08:12:00.000Z","modified":"2026-05-06T08:12:00.000Z","valid_from":"2026-05-06T08:12:00.000Z","name":"http://acvgste.club","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://acvgste.club']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051938062414835830"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30ec0f3d-23cb-523e-83df-4c8408c97d4f","created":"2026-05-06T08:59:00.000Z","modified":"2026-05-06T08:59:00.000Z","valid_from":"2026-05-06T08:59:00.000Z","name":"ea1d34b21b739a6bbf89b3f7e67978005cf7f3eda612cefc7eac1c8ead7c5545","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'ea1d34b21b739a6bbf89b3f7e67978005cf7f3eda612cefc7eac1c8ead7c5545']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2051949869313470743"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--10522f5a-4809-5074-8d36-e7d16791c49b","created":"2026-05-06T09:09:00.000Z","modified":"2026-05-06T09:09:00.000Z","valid_from":"2026-05-06T09:09:00.000Z","name":"185.212.129.10","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.212.129.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051952424609628206"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d31dacb5-dea0-5a67-b550-a199bcc7d2de","created":"2026-05-06T09:33:00.000Z","modified":"2026-05-06T09:33:00.000Z","valid_from":"2026-05-06T09:33:00.000Z","name":"cf-mufg.xvfsf.com","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cf-mufg.xvfsf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2051958446216593413"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17e27380-9d45-5597-b0f5-445a8faf55ba","created":"2026-05-06T09:33:00.000Z","modified":"2026-05-06T09:33:00.000Z","valid_from":"2026-05-06T09:33:00.000Z","name":"https://cf-mufg.xvfsf.com/%F0%9D%90%A2%F0%9D%90%A7%F0%9D%90%9D%F0%9D%90%9E%F0%9D%90%B1.%F0%9D%90%A1%F0%9D%90%AD%F0%9D%90%A6%F0%9D%90%A5/","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cf-mufg.xvfsf.com/%F0%9D%90%A2%F0%9D%90%A7%F0%9D%90%9D%F0%9D%90%9E%F0%9D%90%B1.%F0%9D%90%A1%F0%9D%90%AD%F0%9D%90%A6%F0%9D%90%A5/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2051958446216593413"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--deeb011b-ff42-5ceb-8df3-319c103c6a3d","created":"2026-05-06T09:33:00.000Z","modified":"2026-05-06T09:33:00.000Z","valid_from":"2026-05-06T09:33:00.000Z","name":"195.86.16.166","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '195.86.16.166']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2051958446216593413"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bed6e9a-cc6f-5660-922f-95ba9c692186","created":"2026-05-06T09:53:00.000Z","modified":"2026-05-06T09:53:00.000Z","valid_from":"2026-05-06T09:53:00.000Z","name":"earth2.site","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'earth2.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051963544548061342"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f596627f-400a-566e-adb7-86ecef1fc711","created":"2026-05-06T09:53:00.000Z","modified":"2026-05-06T09:53:00.000Z","valid_from":"2026-05-06T09:53:00.000Z","name":"http://earth2.site","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://earth2.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051963544548061342"}],"labels":["Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34661f81-45ac-5e1c-a0f9-df2db59b9137","created":"2026-05-06T10:24:00.000Z","modified":"2026-05-06T10:24:00.000Z","valid_from":"2026-05-06T10:24:00.000Z","name":"103.211.219.238","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '103.211.219.238']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2051971419924299879"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4de369da-a800-564b-98f7-b9ace254dc13","created":"2026-05-06T10:24:00.000Z","modified":"2026-05-06T10:24:00.000Z","valid_from":"2026-05-06T10:24:00.000Z","name":"75fce6ec4b0815d7ccc9d87c2687c3c379c8e446739b3302b72688dd632c9f9e","description":"IOC reported by @abuse_ch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '75fce6ec4b0815d7ccc9d87c2687c3c379c8e446739b3302b72688dd632c9f9e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/abuse_ch/status/2051971419924299879"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee086e77-bc65-5f23-bd6f-da355dcb0f1b","created":"2026-05-06T10:29:00.000Z","modified":"2026-05-06T10:29:00.000Z","valid_from":"2026-05-06T10:29:00.000Z","name":"176.169.229.134","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.169.229.134']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051972490973323296"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd3234b0-da1e-56a5-9aa0-c68ac2db472f","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"http://146.19.125.23:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://146.19.125.23:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--29d13d07-e8d6-52ee-8f18-647d197e798f","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"http://176.120.22.131:9000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://176.120.22.131:9000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fec20f2e-ccda-5229-b8ba-c1e99b16b5e5","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"http://18.195.217.90:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://18.195.217.90:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8d7123a-1538-5a10-81e3-77ab4c33398f","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"http://62.164.177.225:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://62.164.177.225:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5767d4a-d8e8-548b-8d68-5fbd242e7705","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"http://91.238.50.178:3000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://91.238.50.178:3000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--315fb7e8-96de-5758-afd8-49d162537d14","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"146.19.125.23","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '146.19.125.23']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7197948b-f293-5af9-a935-07c17701c56c","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"176.120.22.131","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.120.22.131']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--23d9e957-ef28-5d55-b73c-04ffa005c8ba","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"18.195.217.90","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '18.195.217.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f58599b-3bba-5374-9cca-9e0a773fa196","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"62.164.177.225","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '62.164.177.225']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1cfcdb2-320e-5d21-8cf7-13bc23dc3199","created":"2026-05-06T10:42:00.000Z","modified":"2026-05-06T10:42:00.000Z","valid_from":"2026-05-06T10:42:00.000Z","name":"91.238.50.178","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.238.50.178']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2051975789239828570"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--211cd96f-a0db-564b-b441-07b60fd472f6","created":"2026-05-06T11:22:00.000Z","modified":"2026-05-06T11:22:00.000Z","valid_from":"2026-05-06T11:22:00.000Z","name":"05e1761b535537287e7b72d103a29c4453742725600f59a34a4831eafc0b8e53","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '05e1761b535537287e7b72d103a29c4453742725600f59a34a4831eafc0b8e53']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051985942353703357"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b9b8ed2-c8e8-51ed-bcf3-9636b7840256","created":"2026-05-06T11:22:00.000Z","modified":"2026-05-06T11:22:00.000Z","valid_from":"2026-05-06T11:22:00.000Z","name":"5fbbca2d72840feb86b6ef8a1abb4fe2f225d84228a714391673be2719c73ac7","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5fbbca2d72840feb86b6ef8a1abb4fe2f225d84228a714391673be2719c73ac7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051985942353703357"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--436f7087-550f-528b-97d9-c6cb9c64093d","created":"2026-05-06T11:22:00.000Z","modified":"2026-05-06T11:22:00.000Z","valid_from":"2026-05-06T11:22:00.000Z","name":"8fd5b8db10458ace7e4ed335eb0c66527e1928ad87a3c688595804f72b205e8c","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8fd5b8db10458ace7e4ed335eb0c66527e1928ad87a3c688595804f72b205e8c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051985942353703357"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--201c9877-8ccf-5ff9-a6e7-1ffa6bbbe2c3","created":"2026-05-06T11:22:00.000Z","modified":"2026-05-06T11:22:00.000Z","valid_from":"2026-05-06T11:22:00.000Z","name":"a05400000843fbad6b28d2b76fc201c3d415a72d88d8dc548fafd8bae073c640","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a05400000843fbad6b28d2b76fc201c3d415a72d88d8dc548fafd8bae073c640']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2051985942353703357"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ec3200d-018c-5d35-ac43-36da0e34ace4","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"boletukk.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'boletukk.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57b53c1e-ab0f-5b33-bdc0-f3ce794dc2f6","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://boletukk.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://boletukk.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e602a2a-3dc0-5d0d-9e82-442341e7d800","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"trotskxt.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trotskxt.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48aec3ff-4a7e-542c-85d4-cb9336fe2254","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://trotskxt.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trotskxt.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--258eae4f-cf16-5340-bb11-eaf330a861f8","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"brechfo.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'brechfo.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3945c79a-3e95-571d-882f-80d6f34fc17e","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://brechfo.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://brechfo.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--706a5d38-5cb2-535b-9d0a-701edc18ca9d","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"cucumb.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cucumb.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58f0cefb-9a67-5dfc-bd33-e5411bd88dc3","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://cucumb.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cucumb.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d90e9e9-a995-5bf4-891d-03113f2af4ea","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"crapuhn.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'crapuhn.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43f4995d-2c6a-504e-baf7-39da5dc5076e","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://crapuhn.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://crapuhn.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b47535c-4ba4-5c9f-b3e4-dda2b9b698d3","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"ditabop.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ditabop.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a3b1fac-8100-5c40-aa65-28414d76a1a8","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://ditabop.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ditabop.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ff79d8b-7763-52cb-bc8c-f9b9ce8f36a5","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"codbsd.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'codbsd.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea8efc11-9330-5caa-94af-66af63b1dba3","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://codbsd.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://codbsd.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65a037e1-1250-568a-afad-a717977d90b8","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"poxzxin.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'poxzxin.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ca58001-07ae-5119-ad07-e5e1bbc5c00d","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://poxzxin.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://poxzxin.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d62ce98d-27c4-5da4-b013-b5c95b96178d","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"elgccyx.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'elgccyx.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d982ba9-c15e-5f00-a17f-f448f1f5fc41","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://elgccyx.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://elgccyx.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad87da18-1e86-5837-b6e1-9415bda959be","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"affimcm.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'affimcm.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6d28c0c-d7e1-5795-9215-26eb4a3d5b74","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://affimcm.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://affimcm.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25a3f053-1cb1-5523-8995-ef1f4f9717c7","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"springvc.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'springvc.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e0611c9-543e-5550-8ae4-3ac6e764f889","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://springvc.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://springvc.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--225b3677-ff95-5297-96e6-1ab7e34d623b","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"psychozc.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'psychozc.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--404527a6-6816-58d0-a0e3-ee958b00e06e","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://psychozc.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://psychozc.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1edd319-f0b2-5c22-b3ed-43af0b2ad4fa","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"pashtu.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pashtu.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--411ba1bd-e37c-5597-8919-37d303b14c6f","created":"2026-05-06T11:26:00.000Z","modified":"2026-05-06T11:26:00.000Z","valid_from":"2026-05-06T11:26:00.000Z","name":"http://pashtu.cyou","description":"IOC reported by @FABO97662188 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pashtu.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FABO97662188/status/2051987010525507609"}],"labels":["Lumma","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b23f584-cd7d-5155-bdf0-d95c05933637","created":"2026-05-06T11:37:00.000Z","modified":"2026-05-06T11:37:00.000Z","valid_from":"2026-05-06T11:37:00.000Z","name":"192.210.241.158","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.210.241.158']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2051989603633029345"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50676878-2369-533a-8d3b-55673150aee6","created":"2026-05-06T11:45:00.000Z","modified":"2026-05-06T11:45:00.000Z","valid_from":"2026-05-06T11:45:00.000Z","name":"cosiciday.z36.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cosiciday.z36.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051991860747633028"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c56c8e4d-ef29-5956-92a1-ad446e251510","created":"2026-05-06T11:45:00.000Z","modified":"2026-05-06T11:45:00.000Z","valid_from":"2026-05-06T11:45:00.000Z","name":"https://cosiciday.z36.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cosiciday.z36.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051991860747633028"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e652acd-3a67-5cb8-8448-13f97e10bbd8","created":"2026-05-06T11:45:00.000Z","modified":"2026-05-06T11:45:00.000Z","valid_from":"2026-05-06T11:45:00.000Z","name":"winuputom.z6.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'winuputom.z6.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051991860747633028"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfba8875-5390-57fa-9f6e-16f9e48cfd1b","created":"2026-05-06T11:45:00.000Z","modified":"2026-05-06T11:45:00.000Z","valid_from":"2026-05-06T11:45:00.000Z","name":"https://winuputom.z6.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://winuputom.z6.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2051991860747633028"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a41f19a-b726-576d-b092-8f075eb03c3e","created":"2026-05-06T12:35:00.000Z","modified":"2026-05-06T12:35:00.000Z","valid_from":"2026-05-06T12:35:00.000Z","name":"obraxconstrucao.com","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'obraxconstrucao.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2052004388923724174"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9012f0f1-85a8-59f8-a360-83429ed2c0cf","created":"2026-05-06T12:35:00.000Z","modified":"2026-05-06T12:35:00.000Z","valid_from":"2026-05-06T12:35:00.000Z","name":"http://obraxconstrucao.com#phishing,#scam,#golpe,#fakewebiste,#falsoecommerce,#golpepix,#golpistasuspeito,#suspectscam,#scam","description":"IOC reported by @Coolcarlos17 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://obraxconstrucao.com#phishing,#scam,#golpe,#fakewebiste,#falsoecommerce,#golpepix,#golpistasuspeito,#suspectscam,#scam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Coolcarlos17/status/2052004388923724174"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a7fd9c6-cbb0-59fa-a00f-1bb1d37b55a2","created":"2026-05-06T12:39:00.000Z","modified":"2026-05-06T12:39:00.000Z","valid_from":"2026-05-06T12:39:00.000Z","name":"193.233.113.45","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.233.113.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2052005206381015408"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e31280ef-9c0c-5a5d-aed1-f11ba131108d","created":"2026-05-06T12:49:00.000Z","modified":"2026-05-06T12:49:00.000Z","valid_from":"2026-05-06T12:49:00.000Z","name":"http://193.233.113.45:6000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.233.113.45:6000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052007751899828425"}],"labels":["Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31a00212-e0fa-5b82-a4d8-a472a17926a6","created":"2026-05-06T12:49:00.000Z","modified":"2026-05-06T12:49:00.000Z","valid_from":"2026-05-06T12:49:00.000Z","name":"cloud-verifed.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cloud-verifed.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052007751899828425"}],"labels":["Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4836cf4a-bac7-5a4c-9852-a3ad4f9addbf","created":"2026-05-06T12:49:00.000Z","modified":"2026-05-06T12:49:00.000Z","valid_from":"2026-05-06T12:49:00.000Z","name":"http://cloud-verifed.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cloud-verifed.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052007751899828425"}],"labels":["Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58bef46d-7d9e-5397-a2c4-4e7633a0070a","created":"2026-05-06T12:49:00.000Z","modified":"2026-05-06T12:49:00.000Z","valid_from":"2026-05-06T12:49:00.000Z","name":"entrarium.live","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'entrarium.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052007751899828425"}],"labels":["Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99f46be1-d15d-5164-9ee2-85882c7b4b5c","created":"2026-05-06T12:49:00.000Z","modified":"2026-05-06T12:49:00.000Z","valid_from":"2026-05-06T12:49:00.000Z","name":"http://entrarium.live","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://entrarium.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052007751899828425"}],"labels":["Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e75bcbcd-0c25-59ba-8057-361629c625ae","created":"2026-05-06T12:49:00.000Z","modified":"2026-05-06T12:49:00.000Z","valid_from":"2026-05-06T12:49:00.000Z","name":"suporteokx.minhacasa.tv","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'suporteokx.minhacasa.tv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052007751899828425"}],"labels":["Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eedbf851-f771-538e-9352-baa7cd7db952","created":"2026-05-06T12:49:00.000Z","modified":"2026-05-06T12:49:00.000Z","valid_from":"2026-05-06T12:49:00.000Z","name":"http://suporteokx.minhacasa.tv","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://suporteokx.minhacasa.tv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052007751899828425"}],"labels":["Xworm"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c9fd8d1-7363-5904-82fd-e9cb4562e832","created":"2026-05-06T12:54:00.000Z","modified":"2026-05-06T12:54:00.000Z","valid_from":"2026-05-06T12:54:00.000Z","name":"e-taxkeisanr-paypay.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-taxkeisanr-paypay.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052008990452928914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39b7031c-35c2-554d-ae92-72ec94ddb37d","created":"2026-05-06T12:54:00.000Z","modified":"2026-05-06T12:54:00.000Z","valid_from":"2026-05-06T12:54:00.000Z","name":"https://e-taxkeisanr-paypay.com/paypay-jp/guide/charge/utm_source_campaign","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-taxkeisanr-paypay.com/paypay-jp/guide/charge/utm_source_campaign']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052008990452928914"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f258fdbf-029f-5fdd-a7bd-26d747ed74c8","created":"2026-05-06T12:56:00.000Z","modified":"2026-05-06T12:56:00.000Z","valid_from":"2026-05-06T12:56:00.000Z","name":"f64513ac4543753e2137b8e20eaede24","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'f64513ac4543753e2137b8e20eaede24']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2052009695314145582"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc12b1be-8ce2-5b16-a9f4-f31895818dad","created":"2026-05-06T13:26:00.000Z","modified":"2026-05-06T13:26:00.000Z","valid_from":"2026-05-06T13:26:00.000Z","name":"\u4e0d\u660e888234.eu.cc","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '\u4e0d\u660e888234.eu.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052017164488737275"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40994256-4865-5d15-b694-80e2ee2c9a6c","created":"2026-05-06T13:26:00.000Z","modified":"2026-05-06T13:26:00.000Z","valid_from":"2026-05-06T13:26:00.000Z","name":"http://\u4e0d\u660e888234.eu.cc","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://\u4e0d\u660e888234.eu.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052017164488737275"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11678195-012d-596b-a43f-1587394b9ab4","created":"2026-05-06T13:26:00.000Z","modified":"2026-05-06T13:26:00.000Z","valid_from":"2026-05-06T13:26:00.000Z","name":"43.130.253.123","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.130.253.123']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052017164488737275"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3ee80ee-c437-5c93-8aec-27d6a17a9215","created":"2026-05-06T14:28:00.000Z","modified":"2026-05-06T14:28:00.000Z","valid_from":"2026-05-06T14:28:00.000Z","name":"expyservice.space","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'expyservice.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2052032791068528789"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--511f7553-ce86-5c30-ba53-cea14d563e84","created":"2026-05-06T14:28:00.000Z","modified":"2026-05-06T14:28:00.000Z","valid_from":"2026-05-06T14:28:00.000Z","name":"http://expyservice.space","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://expyservice.space']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2052032791068528789"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a202c67c-d75e-5db7-9e3c-6a636297d19c","created":"2026-05-06T14:28:00.000Z","modified":"2026-05-06T14:28:00.000Z","valid_from":"2026-05-06T14:28:00.000Z","name":"expyservice.online","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'expyservice.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2052032791068528789"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec46cef9-6397-5300-a4c4-f098183b1c03","created":"2026-05-06T14:28:00.000Z","modified":"2026-05-06T14:28:00.000Z","valid_from":"2026-05-06T14:28:00.000Z","name":"http://expyservice.online","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://expyservice.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2052032791068528789"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f27100ee-5388-5ed5-84c2-3f6d40b707d3","created":"2026-05-06T14:29:00.000Z","modified":"2026-05-06T14:29:00.000Z","valid_from":"2026-05-06T14:29:00.000Z","name":"abmarifppb.top","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'abmarifppb.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052033097299005454"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--352542e0-311f-5ee7-b93b-9ac6a3df4703","created":"2026-05-06T14:29:00.000Z","modified":"2026-05-06T14:29:00.000Z","valid_from":"2026-05-06T14:29:00.000Z","name":"https://abmarifppb.top/jp","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://abmarifppb.top/jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052033097299005454"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c76d79c-7245-5ac7-819f-5ba6406752de","created":"2026-05-06T15:01:00.000Z","modified":"2026-05-06T15:01:00.000Z","valid_from":"2026-05-06T15:01:00.000Z","name":"certimanager-iduse825987.spettaculoso.it","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'certimanager-iduse825987.spettaculoso.it']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052041004509761835"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61595db1-7359-5415-ae44-7f66684f1e90","created":"2026-05-06T15:01:00.000Z","modified":"2026-05-06T15:01:00.000Z","valid_from":"2026-05-06T15:01:00.000Z","name":"http://certimanager-iduse825987.spettaculoso.it","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://certimanager-iduse825987.spettaculoso.it']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052041004509761835"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f76d20e4-df81-5ed6-ab88-3fb93590f0b5","created":"2026-05-06T15:26:00.000Z","modified":"2026-05-06T15:26:00.000Z","valid_from":"2026-05-06T15:26:00.000Z","name":"paypayyy.shadowgaze.sbs","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paypayyy.shadowgaze.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2052047469064966293"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f221529-fad6-5e95-814b-581be58a964f","created":"2026-05-06T15:26:00.000Z","modified":"2026-05-06T15:26:00.000Z","valid_from":"2026-05-06T15:26:00.000Z","name":"https://paypayyy.shadowgaze.sbs/eWGaYO","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://paypayyy.shadowgaze.sbs/eWGaYO']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2052047469064966293"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cf13777-d5e2-53be-a0fe-2976a91ca747","created":"2026-05-06T15:26:00.000Z","modified":"2026-05-06T15:26:00.000Z","valid_from":"2026-05-06T15:26:00.000Z","name":"43.165.67.155","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.165.67.155']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2052047469064966293"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d79fde08-9daf-5a9e-9111-1fc9e4315708","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"admin-extranet.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'admin-extranet.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e5f3f75-64b7-5134-a42f-8965e5a02acb","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"https://admin-extranet.com/start/","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://admin-extranet.com/start/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3edb74f0-6454-5d55-ad46-9d80a23e7e83","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"http://217.145.226.119/book/","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://217.145.226.119/book/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1e9e43f-dec0-59b7-99ab-25aeee73f266","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"lkhpihf.com:443","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lkhpihf.com:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a778439-6703-5d16-8793-5fd98a2f13d9","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"http://lkhpihf.com:443","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lkhpihf.com:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b669c12-7c83-5cc4-bdfe-eba32d5dbdc0","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"lkboasprqw.com:443","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lkboasprqw.com:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f5b7ad6-1723-5ade-843b-0d34bf089ee1","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"http://lkboasprqw.com:443","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lkboasprqw.com:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4174a22b-07d8-52f0-a433-72c36b5a64e4","created":"2026-05-06T16:26:00.000Z","modified":"2026-05-06T16:26:00.000Z","valid_from":"2026-05-06T16:26:00.000Z","name":"217.145.226.119","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '217.145.226.119']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2052062395992830320"}],"labels":["ClickFix","NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bc7e664-bd40-50e2-80a7-d8000ba8c3ad","created":"2026-05-06T17:03:00.000Z","modified":"2026-05-06T17:03:00.000Z","valid_from":"2026-05-06T17:03:00.000Z","name":"58fe631de5833fc0b2a84a183cf3faefcb533987e99fed3c6334fd61716d6ae1","description":"IOC reported by @0x_shaq on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '58fe631de5833fc0b2a84a183cf3faefcb533987e99fed3c6334fd61716d6ae1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0x_shaq/status/2052071761403838553"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--784cab27-a155-5be6-87c3-e78ff0cf22af","created":"2026-05-06T17:03:00.000Z","modified":"2026-05-06T17:03:00.000Z","valid_from":"2026-05-06T17:03:00.000Z","name":"127b64bf5264a54a67cd2c66f8f9d565c745708294ad8ee899aeb17eaa70992d","description":"IOC reported by @0x_shaq on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '127b64bf5264a54a67cd2c66f8f9d565c745708294ad8ee899aeb17eaa70992d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/0x_shaq/status/2052071761403838553"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9931b793-5bab-5d66-8d3e-840d1436f0e9","created":"2026-05-06T17:10:00.000Z","modified":"2026-05-06T17:10:00.000Z","valid_from":"2026-05-06T17:10:00.000Z","name":"pronhub.shop","description":"IOC reported by @drb_ra on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pronhub.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/drb_ra/status/2052073643174174902"}],"labels":["C2","CobaltStrike"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50ac5e3d-8955-51f8-bdf0-cdb7320bb098","created":"2026-05-06T17:10:00.000Z","modified":"2026-05-06T17:10:00.000Z","valid_from":"2026-05-06T17:10:00.000Z","name":"https://www.pronhub.shop/en_US/all.js","description":"IOC reported by @drb_ra on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.pronhub.shop/en_US/all.js']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/drb_ra/status/2052073643174174902"}],"labels":["C2","CobaltStrike"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0766a521-9b25-5ed8-b3c4-0c3d51012769","created":"2026-05-06T17:10:00.000Z","modified":"2026-05-06T17:10:00.000Z","valid_from":"2026-05-06T17:10:00.000Z","name":"http://68.64.178.130:443","description":"IOC reported by @drb_ra on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://68.64.178.130:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/drb_ra/status/2052073643174174902"}],"labels":["C2","CobaltStrike"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84012bae-3830-554a-87c9-4de160a6306e","created":"2026-05-06T17:10:00.000Z","modified":"2026-05-06T17:10:00.000Z","valid_from":"2026-05-06T17:10:00.000Z","name":"68.64.178.130","description":"IOC reported by @drb_ra on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '68.64.178.130']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/drb_ra/status/2052073643174174902"}],"labels":["C2","CobaltStrike"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1bd2b396-5101-590f-8277-494e3fa76239","created":"2026-05-06T18:23:00.000Z","modified":"2026-05-06T18:23:00.000Z","valid_from":"2026-05-06T18:23:00.000Z","name":"drew-interracial-building-yesterday.trycloudflare.com","description":"IOC reported by @SecurityAura on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'drew-interracial-building-yesterday.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SecurityAura/status/2052091788442190181"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ceca1327-16fe-5e0b-8ee7-40770ef84983","created":"2026-05-06T18:23:00.000Z","modified":"2026-05-06T18:23:00.000Z","valid_from":"2026-05-06T18:23:00.000Z","name":"https://drew-interracial-building-yesterday.trycloudflare.com/uka/Scan_0649302482930.pdf.txt","description":"IOC reported by @SecurityAura on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://drew-interracial-building-yesterday.trycloudflare.com/uka/Scan_0649302482930.pdf.txt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SecurityAura/status/2052091788442190181"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d054d4a4-90da-5870-ae8c-b9c1173b6cdb","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmpoemqnmpj.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmpoemqnmpj.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b9a4b56-ea99-52ce-8762-57753047f8f5","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmpoemqnmpj.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmpoemqnmpj.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--800b675d-5381-5555-bcb8-b1b790cc990d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imlbioxai.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imlbioxai.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d25c5f2d-a89c-54f1-8c58-1aa25d56ab55","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imlbioxai.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imlbioxai.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3e729f2-d2a0-520d-8d52-a339a94d7765","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmqgollpaij.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmqgollpaij.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fda142c-a7fc-57ff-906a-b3cc5ea16df6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmqgollpaij.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmqgollpaij.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ab01c1b-2852-594f-b075-86f3bad04acb","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmyappwlwza.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmyappwlwza.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98fc17a7-dce3-5883-babd-79282306c89a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmyappwlwza.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmyappwlwza.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1feeefe-dfff-5ab5-bf6d-73fe7257c887","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmvxsybqika.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmvxsybqika.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3425720f-cb2a-5cc9-8839-4f28b2c570d3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmvxsybqika.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmvxsybqika.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c620406-5eae-5068-8651-9d98f67c9f8a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmmdkbebist.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmmdkbebist.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--118be536-2842-5a52-b13a-c7a6c245df3a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmmdkbebist.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmmdkbebist.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07d8363b-51a8-50a7-bb06-6bf21932b19f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmvtckrtdus.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmvtckrtdus.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b28fe1bf-0385-5290-bc22-155fb1a067d4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmvtckrtdus.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmvtckrtdus.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0963b1fd-e30a-5766-a698-e175e77bc610","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmfrpejvtno.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmfrpejvtno.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2cf1480-726e-539c-9ae2-d3dfae17288a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmfrpejvtno.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmfrpejvtno.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--484316f0-6717-5737-89ab-173ea7521d6b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmiwoyseqiv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmiwoyseqiv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46330670-86bd-5d29-90c2-770465645eb3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmiwoyseqiv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmiwoyseqiv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01762379-6621-5378-9dcb-546c170f2bac","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"jmezzkwochd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmezzkwochd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--beca453c-70a8-5447-acf2-022ce25c85cd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://jmezzkwochd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmezzkwochd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff56044a-d582-5423-8bda-01dc9037376d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imboeznibuk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imboeznibuk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dde74601-04fa-5258-a6ff-dd8a230d6007","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imboeznibuk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imboeznibuk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82505cf8-cba6-57e5-81c3-924296028413","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imtzdrlecxv.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imtzdrlecxv.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3ba3e24-f730-5331-a531-5a05e9c54ea8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imtzdrlecxv.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imtzdrlecxv.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--022ae418-e177-53b3-b2ca-d1c270e13d84","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imvfptssn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imvfptssn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05b8d5da-326d-59b2-af30-dc50f5063391","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imvfptssn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imvfptssn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cf4e3db-b0ce-5b4b-8acf-0bab27199858","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzmfkbbsewp.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzmfkbbsewp.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58765b6b-afe0-5dc4-a4ed-710b3a064c35","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzmfkbbsewp.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzmfkbbsewp.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--287ab754-527e-5afd-b5b5-a23af9f29def","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzvenuidipk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzvenuidipk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22a5b06b-5d59-5a80-a8c6-bc59b76edabc","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzvenuidipk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzvenuidipk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f6d433f-ecb4-5312-bec5-27afb25dafa1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzrgwbmxiuj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzrgwbmxiuj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e1d4142-82a5-548b-8fe2-57332f86f8b5","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzrgwbmxiuj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzrgwbmxiuj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03960af0-d89b-530f-8282-31d85beb8e89","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzsnlfjbutu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzsnlfjbutu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cc3cee0-e3f5-574f-8554-40616e4f36bd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzsnlfjbutu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzsnlfjbutu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--156646d5-b005-5687-a734-f768b4172c05","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzbvmihrfuq.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzbvmihrfuq.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b4f1dfe-a7b4-5547-a9b7-7c3483f17561","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzbvmihrfuq.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzbvmihrfuq.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dcd1931c-43be-544d-86d1-fd816456440d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzvuhwepflo.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzvuhwepflo.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b18f582b-f91e-5ff7-a064-2ae35a39bcd8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzvuhwepflo.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzvuhwepflo.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c42d2d96-b00f-50ae-98c0-4f1080631c76","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzsimgxmjse.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzsimgxmjse.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a5c2ef-fdf2-5ada-9332-e620b2045cb1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzsimgxmjse.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzsimgxmjse.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7799800-848f-5a84-9af3-2ca16ed5ba87","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzhaeuhucba.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzhaeuhucba.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c553d624-ee14-545b-af21-4eec25ec9a8f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzhaeuhucba.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzhaeuhucba.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebc190e3-1789-50ef-862f-37d41a92a7f0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzfznmyeovb.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzfznmyeovb.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42b0c3af-78e7-5c6d-9842-adfce9ddd99b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzfznmyeovb.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzfznmyeovb.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc16127a-c044-5198-a008-6586d6d1de38","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzomshrstkm.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzomshrstkm.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--477224b4-dea8-5fc3-8063-72891f38d323","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzomshrstkm.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzomshrstkm.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd22130d-70f3-5de4-931a-ea029a3ebbef","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imyflphhjqu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imyflphhjqu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a7cde8f-eedd-58b1-9404-10e9578f9c6c","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imyflphhjqu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imyflphhjqu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8970a5d0-1cfb-53fa-9198-7df823b064c7","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imweqtnvyqw.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imweqtnvyqw.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2d1b89d-ad4f-5e99-88ab-09aa03c86d86","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imweqtnvyqw.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imweqtnvyqw.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--784641ee-51c0-5aa6-b623-850517669fa0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imhsvamtlso.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhsvamtlso.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3b05606-1583-5e99-a592-a3b1cbb3c8b1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imhsvamtlso.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhsvamtlso.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07ce300e-3e84-5830-8553-6a98149f18c6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imhyuyzlmix.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhyuyzlmix.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aad5dc39-42aa-549b-b45f-bddb0dcaecda","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imhyuyzlmix.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhyuyzlmix.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c44578ef-8383-5c50-98d2-f4f6392c11c3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imxdxzhmtju.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imxdxzhmtju.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f21ba838-feaa-582b-a729-0095a2d81ef1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imxdxzhmtju.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imxdxzhmtju.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d23ed644-47c0-5c0c-86a6-2f9294d6ed10","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imnxofrpdik.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imnxofrpdik.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82d32ff2-0952-5b36-9351-c43b4aab5e58","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imnxofrpdik.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imnxofrpdik.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34ce6f9e-3c1d-59fa-8e31-9d265032f013","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imiiuyuvhfe.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imiiuyuvhfe.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7946fcee-dc6d-53c7-b97f-93decfb2efdb","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imiiuyuvhfe.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imiiuyuvhfe.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9f75c8f-4e0d-5a43-85be-dd90b267922b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imypevsnxap.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imypevsnxap.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ea8825c-5a74-5de5-b377-bb762187d914","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imypevsnxap.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imypevsnxap.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02e5ceab-d99e-5f9e-a17c-56766ff65cc3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imhsiexkoyz.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhsiexkoyz.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92d48e7c-fc5c-5d80-8b11-107315c52f32","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imhsiexkoyz.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhsiexkoyz.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2db7ccbe-2a5f-5a7a-8671-a3521bdefede","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imorelrlvgj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imorelrlvgj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7864eae-8749-5c14-98f2-8fd413082e3d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imorelrlvgj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imorelrlvgj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86c7b73e-06e9-5998-8037-fa710b53b450","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imlqzydpehu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imlqzydpehu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb6495fe-9e27-5f3a-b110-e2d59ebe9ad6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imlqzydpehu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imlqzydpehu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f9bfef1-431d-5913-8607-47b40954e1b6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imnnaghfftl.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imnnaghfftl.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03d08577-ee0f-5383-ac77-d9167c6de8c2","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imnnaghfftl.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imnnaghfftl.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--087999d2-941f-50e9-8c38-f3e88567ceb9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"impolsmes.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'impolsmes.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bad33c4-974a-5138-b03f-97f95bafb446","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://impolsmes.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://impolsmes.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca139711-1dd5-57b6-aab2-1e60b5a95e46","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imltrdtzo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imltrdtzo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--530bdeaf-8037-5f64-8d1a-77968cbc5cfb","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imltrdtzo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imltrdtzo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--717fe050-50e1-5ee1-9af5-0cd3018919e4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imhpqwwma.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhpqwwma.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46d9ccf1-7115-5bbb-92ae-36e0ddf16c3d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imhpqwwma.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhpqwwma.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce021e54-0692-59f2-bb20-13756e987082","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imeij2jof.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imeij2jof.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29ab1e4b-9822-5a88-be64-528bc4fb8aaf","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imeij2jof.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imeij2jof.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7c5361e-8f64-5747-9837-3ae0dffe98b8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imnrhbcpg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imnrhbcpg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe39fb67-6454-56e7-86d6-92471d40ab4b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imnrhbcpg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imnrhbcpg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4b05fe8-7a41-5ce4-a069-29baea13145b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imqkodvnh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imqkodvnh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff9347c8-d176-5859-8de5-cad9984ddeb1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imqkodvnh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imqkodvnh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f17e361e-f06e-5efd-9b03-b6de448e279e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imawiirlf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imawiirlf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44239f23-0436-526d-96a5-8e58cee0f967","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imawiirlf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imawiirlf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d02463ce-7c78-5d4b-abe6-e144479b2803","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imdildckx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imdildckx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f5410e9-0c1b-5a8d-95b5-4dedb8ad31e5","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imdildckx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imdildckx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eefc789f-2dce-5d42-b4e9-10e80f203ee1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imfueakgr.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imfueakgr.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c33c4ca2-6ec7-50eb-a7d7-49b78f337048","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imfueakgr.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imfueakgr.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--216ed232-8a9d-54ba-989a-2b0c38f1cd8b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imeqlvedp.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imeqlvedp.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c96ca4de-e510-53d3-9220-2a8b4ed8e881","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imeqlvedp.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imeqlvedp.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d15ff38-19d0-563d-92c3-0bb34f59df0b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imzrutppj.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzrutppj.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--952d8df9-08be-51a4-b1d6-2fbaa58dbd68","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imzrutppj.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzrutppj.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9577d6e-58e1-590e-897e-2823a540b997","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imwywutdl.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imwywutdl.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--419f27b1-71b0-53f4-a3f6-70c8636fffe1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imwywutdl.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imwywutdl.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e29ad360-4d7f-59ec-990f-c5fa13bae047","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imofwmyzu.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imofwmyzu.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c65e5ace-074b-5a35-83a7-e114abf0a7a1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imofwmyzu.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imofwmyzu.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9db6db4d-396f-5a1d-bee3-bea9e3800eab","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imklevubf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imklevubf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34410625-2864-5cd6-81c0-6c52156e5bf1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imklevubf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imklevubf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe6ab11b-ee92-561a-a718-b041e2edd093","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imwfbmotn.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imwfbmotn.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--146644d7-36b4-5eab-84ca-43d8e40e7d28","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imwfbmotn.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imwfbmotn.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7df04a25-9598-5107-8680-054f3c26377c","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imuvtahho.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imuvtahho.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7833d61-e628-5631-b7aa-e64600026375","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imuvtahho.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imuvtahho.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44bdc968-4616-516f-b0af-8b20fae9acae","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imqyeosse.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imqyeosse.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8bf1a6f-baaa-5f59-bad0-67dbc778f443","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imqyeosse.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imqyeosse.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--456a11e5-b981-51bb-bb93-eee675111655","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imkxrlawh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imkxrlawh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--841bee73-720e-5e71-95f4-30b24bd3ab07","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imkxrlawh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imkxrlawh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a10b8c5b-d0bc-558f-9a50-03c735335cb9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imgkbwcaa.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imgkbwcaa.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98e8e909-2729-5cb4-9519-a2d64ebf37d0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imgkbwcaa.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imgkbwcaa.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53090444-3c51-5eed-ac96-7c9b928e965d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imevznwcg.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imevznwcg.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b025f6b-f154-5460-9ddc-b21a3535f48d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imevznwcg.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imevznwcg.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b9fbcb1-e103-5b90-a482-460295fa920d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imewesroh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imewesroh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8912f788-26be-5ca7-8044-488418ef597f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imewesroh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imewesroh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ba9437d-3875-525c-b8d6-ef2cda3e73ab","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imacfgmbf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imacfgmbf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5d30b61-0fe3-5d10-b64c-0f696cb9b613","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imacfgmbf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imacfgmbf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f59fa26f-6d60-5c25-b704-0666738701e8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"imeasniku.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imeasniku.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f70a6272-7742-5f51-8f04-323ff70cbe50","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://imeasniku.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imeasniku.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9098838-4803-5050-a812-137b3d84429f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmxpybvuc.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmxpybvuc.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd0c086f-bad2-52e6-8ebb-c3f387e162f3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmxpybvuc.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmxpybvuc.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb842801-41f6-50c3-83a8-2e9b87e9012b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmhszflpi.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmhszflpi.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--082769c3-bc10-51e5-b69b-a7c1d0b329cc","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmhszflpi.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmhszflpi.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34394504-3bf7-57d5-8621-c761e6db2ab6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmlgnwldm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlgnwldm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e53fcfb2-88cb-5ec7-927e-4ce95f815446","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmlgnwldm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlgnwldm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e82e51f-99cb-5215-92db-b8a68f5a6b29","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmmslgieh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmmslgieh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e55d7a67-8939-51ff-81c3-e4fc1eeff194","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmmslgieh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmmslgieh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ef1aa08-a590-5669-9094-ee3f6c22fdd1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmxazemwg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmxazemwg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f645bf3-2a2c-54a0-b9e1-f0f7bd843bc0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmxazemwg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmxazemwg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ba39be2-5155-5222-8c9d-1b6c1021986f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmitjxofe.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmitjxofe.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--960f3b90-4a71-5943-89b9-aead61b8fa45","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmitjxofe.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmitjxofe.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--141500ad-04e3-5ab7-81e9-b43d05920eb0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmlvlkmrx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlvlkmrx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4388a145-d58e-5dca-a6e7-052cd51cafff","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmlvlkmrx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlvlkmrx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56fa2cd8-84b1-5f8f-8248-4e9c9fe74604","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmdihnrqd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmdihnrqd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--022b5392-8ac4-5d78-a5c6-eaa95799615c","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmdihnrqd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmdihnrqd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--053b1a5c-781f-533f-8a8a-5a01dbe179a9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmlxyvdfd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlxyvdfd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0601fd4-c703-59a9-b1c8-4f143b47635e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmlxyvdfd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlxyvdfd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f86f2b0-34f5-526d-aea8-8cd66ceb7e51","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmluuuyqv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmluuuyqv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a0c9774-5c97-515d-b284-9c98a8816226","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmluuuyqv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmluuuyqv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dad5f0c8-89ee-57f1-98f2-8e30298baa66","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmlicoxiy.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlicoxiy.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20c3db4e-89c3-50b4-8148-0e9dda25db58","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmlicoxiy.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlicoxiy.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9e22d6f-ff88-5596-bc87-ae2285291528","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmpavordl.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmpavordl.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f63be246-3693-5b8a-be16-3dcc0ca66aa8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmpavordl.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmpavordl.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e471e109-bf66-536d-89d6-52eba52771b6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmpzzjggs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmpzzjggs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1516122b-56e8-568b-a1c6-61b6129f3c43","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmpzzjggs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmpzzjggs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc91eb8a-c782-53c3-a90e-2efd83ea517a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmvrbxkgs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmvrbxkgs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c3102ce-75df-5fb3-9f7b-59f8a3099ffe","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmvrbxkgs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmvrbxkgs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--521849b2-7d13-5769-889b-067f7cddc6ed","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmqmrttdo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmqmrttdo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52260713-0d0f-5a90-85c8-3e4127eab023","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmqmrttdo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmqmrttdo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9f5ab22-a894-5ad1-a493-9da68bb36790","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmgysllbn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmgysllbn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ce0f481-ea4b-55e1-a92f-97e742fc867e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmgysllbn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmgysllbn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f0a63a6-9ce0-541f-875e-99203c76e526","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmbjutevk.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmbjutevk.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ae6434e-bd91-5d06-8cfa-0a6a557b0bbc","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmbjutevk.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmbjutevk.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--371a3a8e-b030-53bd-843e-aa02b6d92c7d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmlojxudi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlojxudi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba003de5-ff87-5327-83a2-038935f51ab2","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmlojxudi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlojxudi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92d9a166-4a7c-51d5-bb53-d84700acedd9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmalfgloi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmalfgloi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cafbf246-657b-5596-a41e-83e42086c4e2","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmalfgloi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmalfgloi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9195ca3c-c3b9-565f-9dbf-d65574bc7680","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmaiyvhxx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmaiyvhxx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--964e90cd-3d4d-54bc-9a8b-9f2182908d87","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmaiyvhxx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmaiyvhxx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e78d764-ad25-521e-a2ca-24dbc1475f01","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmshyqlvd.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmshyqlvd.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd46c997-d9d0-5ecc-ae14-1b1b7ba47e7d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmshyqlvd.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmshyqlvd.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26126a71-0e77-53e4-b688-460c1c6af242","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmpomqnzl.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmpomqnzl.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03448f12-bac5-57dd-8fb4-856fef0a51de","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmpomqnzl.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmpomqnzl.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9cc2635-511a-5c2e-882a-a0ad5f87d2d1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmrtuleuq.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmrtuleuq.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dfaae312-23e3-52d7-811f-f031b7015b7f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmrtuleuq.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmrtuleuq.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db79c681-d0a7-5558-b1e3-5050ffe10956","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmnqgrdvi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmnqgrdvi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--addb9cba-e80b-59ff-bb51-8454bacea26b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmnqgrdvi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmnqgrdvi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37305010-5768-592d-841a-f04ef4b39b1a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmypfihui.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmypfihui.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66f63e99-be4a-5565-8559-94e8ed59ebbc","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmypfihui.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmypfihui.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5015cc98-04d3-5ec1-93f7-b42ec049e62a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmlwykhre.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlwykhre.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a564734-1c93-5931-977a-e5e450ba847c","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmlwykhre.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlwykhre.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--968da71a-439b-565e-ace9-45d815752b3b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"hmhlfzokh.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmhlfzokh.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05290247-8442-5ddc-8779-64d22fe416dd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://hmhlfzokh.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmhlfzokh.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4d3dcbf-dbe0-57f1-ab34-d26cf08b1a71","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gseminuko.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gseminuko.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fccc606-6f99-5183-99bb-b4a0cbc7e208","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gseminuko.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gseminuko.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--402d27ce-3301-5304-93a8-6510937d6521","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmnwdhnupf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmnwdhnupf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2c0e3fe-e932-5fcc-b6e5-ac161f2a50d9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmnwdhnupf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmnwdhnupf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1446c885-acc1-5f9a-9af9-1fa176ff8d07","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmjryqloxn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmjryqloxn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb51a11e-a821-5569-9f68-e57de7805be3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmjryqloxn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmjryqloxn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfff3411-7c44-5a23-9711-d8911e9df9b2","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmvbchibgq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmvbchibgq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e71a78dd-f084-56b3-8900-71ed2428becb","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmvbchibgq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmvbchibgq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36a558cc-2de1-5ba8-8b22-8466cdd452ef","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmhbilzscs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmhbilzscs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c254869-e837-5dd3-9876-e845ae122ffe","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmhbilzscs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmhbilzscs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d786bc57-7c7a-5b42-a44b-8cc3f866e39e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmycyrkwsq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmycyrkwsq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2634c8cd-f15e-5214-b12b-a2d4dc0dafdc","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmycyrkwsq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmycyrkwsq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--210d9a98-8cb2-59c8-bd5b-b234bbe25886","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmeinuljww.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmeinuljww.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c477f544-c611-57a2-9b8c-d43f260efadd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmeinuljww.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmeinuljww.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7d0e7a1-6e63-5768-a428-d6a32b2eacfd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmgwuancky.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmgwuancky.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--019b0f84-c6d8-5cb4-9b3b-42e2bda9d762","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmgwuancky.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmgwuancky.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a00019fa-392d-5515-b6d4-77ca526a58db","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmdqriyusm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmdqriyusm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed440d35-5743-5967-aee6-a4503e992cc5","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmdqriyusm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmdqriyusm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6c904b5-b193-557b-b02c-c32a9061b832","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmfvuwioeweh.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmfvuwioeweh.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4cf7709-becc-5193-ad0c-6f31c64fa8b3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmfvuwioeweh.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmfvuwioeweh.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad9291b4-9ff3-54da-ab71-4f52cf4fe389","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmgwuahbji.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmgwuahbji.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adb59e44-b403-581e-981e-4851c00b0214","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmgwuahbji.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmgwuahbji.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d5a266e-610a-579e-82b8-fdad8df4bdc0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gmbxacmels.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmbxacmels.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ef90042-7e2e-5bc2-a134-e15528de6ccd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gmbxacmels.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmbxacmels.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a72a24e-44f5-59f0-b206-2d1db2118295","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gpointedinfo.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gpointedinfo.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9de9e5dd-7eb9-5ee1-87d2-18152ba40fe8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gpointedinfo.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gpointedinfo.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2523070b-99a0-5104-810d-fa1bfc54252f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gpotmains.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gpotmains.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--901876eb-a908-5159-ae49-a8507cebb9d3","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gpotmains.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gpotmains.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b760978-6c13-5970-a1ff-466324b388bb","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"fpericyjin.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fpericyjin.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3cc21a6-9aa8-56b0-962f-dad4eb0c038b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://fpericyjin.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fpericyjin.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4320fa17-4343-54e7-b67b-8dc08f25e49d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"folkd9info.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'folkd9info.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8835b3d-dada-5ed7-a4b0-ec181a590f2f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://folkd9info.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://folkd9info.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97cb7f3a-9418-5f95-8872-eb54ec1c19f6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"flexinfon.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'flexinfon.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49f7824f-2ce8-550b-8523-14d70c3fa993","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://flexinfon.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://flexinfon.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6f543bc-0a20-50ba-bac9-d9d96b2c4a25","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"fkonsqilz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fkonsqilz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a486e4f-75e2-5d16-a24d-2cd79101f999","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://fkonsqilz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fkonsqilz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17941875-265a-51d0-a546-ea234c9e3da4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"fisnispull.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fisnispull.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce8f8d48-3088-5f92-9063-1e42c3d0115d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://fisnispull.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fisnispull.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a82a820c-6293-527f-a2ab-858cd882102b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"fhozinftei.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fhozinftei.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ba28c9e-9ff3-5874-a7f7-0e2c31ec94ad","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://fhozinftei.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fhozinftei.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--622de4f6-93ec-5f04-8b40-e3b5d92de548","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"eonse71hc.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eonse71hc.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63f60a6a-8b0e-5e06-b5be-1e0e84574e09","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://eonse71hc.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eonse71hc.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93269fdf-1c4e-5b37-b803-9dcfe9d356b2","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"fhopcixim.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fhopcixim.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dadb9761-b317-5a04-a38a-06480a0f8179","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://fhopcixim.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fhopcixim.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48051202-d83b-53e5-94fb-cdf3c8019203","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"fearinronz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fearinronz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56954d24-a0b3-55e4-948c-ea2c88e67f07","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://fearinronz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fearinronz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--484108aa-c3bf-5a2c-959c-816465ef243e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"fcaset29.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fcaset29.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f3af1db-ddb3-5938-8543-fd11e1880ec4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://fcaset29.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fcaset29.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31f94461-9605-545c-8cd4-2e9d1063046e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"epa12cdiq.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'epa12cdiq.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89238fbc-8927-5908-8d10-b8d5b40f754e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://epa12cdiq.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://epa12cdiq.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--959d8a22-a98f-5f00-b51b-184d8563af9e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"ec8yxeon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ec8yxeon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43da6fee-2b9c-5b84-8fc3-8fb1cfca20df","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://ec8yxeon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ec8yxeon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--09a46f03-0b4a-5908-8c18-de52d891207e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"edn8uo7z.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edn8uo7z.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b43bb69d-1476-534b-a306-ecceac4cc517","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://edn8uo7z.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edn8uo7z.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd911ca3-afa7-518c-b133-e828330ffc64","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"eo90boios.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eo90boios.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6350e48-92db-57ed-a95c-1d219c149bb4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://eo90boios.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eo90boios.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--865cda2c-1cb5-5a8d-8bf6-86387cf3674d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"e1ia92c90tz.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e1ia92c90tz.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1962a6be-1e4d-5799-aece-cc13223d14e9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://e1ia92c90tz.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://e1ia92c90tz.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--706d8bb3-1804-59b6-a59a-dc64754a3d13","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"einfa8a30.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'einfa8a30.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7365ef04-4d1a-5a07-a136-8802b9e96dde","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://einfa8a30.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://einfa8a30.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--963a8f34-f419-5d02-ae8f-c0749c556d30","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"ef125dioaz4.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ef125dioaz4.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d00588fd-0ed9-5486-a709-9e205ba0510c","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://ef125dioaz4.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ef125dioaz4.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7d27d4b-78e5-535e-8907-c66f7ed8431f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"evisin193.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'evisin193.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c54f464e-19cd-5a20-9b4f-9fcba2259cd4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://evisin193.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://evisin193.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1de01ed7-4fa2-5c8b-896c-fb3fc0668a2a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"esimdgit1.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'esimdgit1.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--360b805b-9b3a-518a-892c-243716cf07b0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://esimdgit1.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://esimdgit1.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cf8094a-a4bd-5da7-b1ae-e180850dc3ee","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"daurora.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'daurora.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26b91549-3b94-5fe7-82bc-f43130dec81a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://daurora.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://daurora.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9e6fa7e-6bd5-541d-939b-9acbd0fd6afa","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"dtickaree.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dtickaree.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c600466-ec0d-51a6-9e69-fdc37af496a1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://dtickaree.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dtickaree.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc1af65b-7174-5589-bef4-0f52110cea77","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"duxopenor.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'duxopenor.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--13d24792-f365-5952-a30e-4f70cefc5ebe","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://duxopenor.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://duxopenor.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17ed1f40-7feb-554e-acdf-6e926bd30b65","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"dynazdom.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dynazdom.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fb9a942-14ff-54ae-a4c9-5d1db727503f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://dynazdom.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dynazdom.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02f1d717-fd84-5e04-a9d8-3c294e4f6ee2","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"dsarapiz9.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsarapiz9.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f44237ce-16c7-593f-bd78-161cf0fdefcc","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://dsarapiz9.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dsarapiz9.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58585d08-e3fa-5e4e-85ac-a3ab83902574","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"dso9asops.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dso9asops.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd15e282-0356-5aca-a771-9acf45535326","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://dso9asops.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dso9asops.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--141b2e84-8ed2-5990-b536-4a2203391fd7","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"dcamso10.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dcamso10.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16becda0-1937-5f01-b26f-f4416a3f08f8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://dcamso10.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dcamso10.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--277dbe1b-9c46-59a3-8e51-de9b0bb73447","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"dhonexc.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dhonexc.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36a103d4-8534-5319-8d9d-5606d2572440","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://dhonexc.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dhonexc.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6bdf967-dc4a-56e9-b811-4ba074d97a79","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"dsolanosi.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsolanosi.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3f81a8e-045b-5a16-b311-1bc4ea8518d6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://dsolanosi.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dsolanosi.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d50a289-4d5b-5ced-930c-acf34094b13a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"412949853a02b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '412949853a02b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d16d8b2-bb1f-5b9e-ae1c-a20da0c3d7e4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://412949853a02b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://412949853a02b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--029f859e-7d43-552a-991a-49b2f59616c9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"us2loadinfo.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'us2loadinfo.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef9245f0-6fad-5629-b7ce-7fd3aab6dde0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://us2loadinfo.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://us2loadinfo.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adb9ca41-245f-5f41-a3e8-71e9a2b6ca0e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"eclodfast20.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eclodfast20.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34921434-dbc7-5702-b1f4-6d0c6a73480a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://eclodfast20.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eclodfast20.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d43bb758-e5f3-5e61-97af-34e70a5e4b2c","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"e10a9e5.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e10a9e5.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6380e322-6015-51b8-b925-8d49bce7111e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://e10a9e5.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://e10a9e5.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ac6f382-a161-52a3-acea-42672b9f8c2a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"t18delivery.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't18delivery.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46568a5d-06b2-505e-b55d-b0288e755535","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://t18delivery.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t18delivery.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3193511-8a75-5f74-b211-0a833fb88766","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"comdeliv72.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'comdeliv72.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c42f96af-baac-5f31-94d0-5f49fed8683f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://comdeliv72.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://comdeliv72.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db6447cf-290e-5ec0-b827-cb94838f805b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"deon0capload.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'deon0capload.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c2e72a2-10eb-576e-90b4-aca3d5c4efad","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://deon0capload.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://deon0capload.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ff17032-979d-5dba-9e6d-5742c5c40103","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"trackinfo0.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trackinfo0.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c74e7d64-da2a-5643-b81d-af302e8e5329","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://trackinfo0.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trackinfo0.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d63b988b-7841-5d14-8fef-715eeac247f7","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"sudeliveryn.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sudeliveryn.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cb34bd0-4111-520c-9b3e-e83077782e32","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://sudeliveryn.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sudeliveryn.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6521ff2-172d-5054-9474-b432ef62f532","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"eclodfast20.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eclodfast20.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e74d26e-99d4-5ff3-ade6-d9d52aad92b9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://eclodfast20.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eclodfast20.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4eb68a08-b294-50ff-973c-6a88e02e8c34","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"ecxfastpostx.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ecxfastpostx.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--396bedb4-dcd9-5d93-908d-bba30b81d7bd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://ecxfastpostx.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ecxfastpostx.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--543db785-2100-570f-8133-65bee188a182","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"comdeliv72.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'comdeliv72.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--696d0f45-83ec-5396-b5d0-0a02ec06f20e","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://comdeliv72.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://comdeliv72.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27f36899-0c4d-5e2f-88c6-7c25b5e94bd1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"trackinfo0.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trackinfo0.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ce716f4-c3f7-53ac-bfee-677dacd0edce","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://trackinfo0.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trackinfo0.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a79e8c4-d8ff-56ee-98e4-b06588678057","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"us2loadinfo.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'us2loadinfo.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33ae6c5f-c2ee-51bf-88bf-3cceded402f6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://us2loadinfo.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://us2loadinfo.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0382fe2c-f5e3-52fe-b914-4a94adb0ea41","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"sudeliveryn.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sudeliveryn.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61c9a3b8-f504-5260-be5e-75450f2f7c75","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://sudeliveryn.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sudeliveryn.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31067cc1-e446-5dd1-af8b-e15a656a8668","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"micload4.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'micload4.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a649d961-1ea4-54dd-870f-23366abf60d6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://micload4.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://micload4.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--796c42a4-198b-5249-8dcf-513da561cc74","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"t5delivery.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't5delivery.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f6e6795-7f3e-5d07-982d-e3b274732dcd","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://t5delivery.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t5delivery.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f596416-d2cc-5441-bf48-a5fd6faca664","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"ecxloadon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ecxloadon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47ebd830-e3fa-5ac1-b4e0-cbd7002468f5","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://ecxloadon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ecxloadon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d0fef8b-78d0-5535-a327-8ea11aba3a3a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"deon0capload.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'deon0capload.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6c86643-5bf3-5872-ae3a-4b0383731c8a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://deon0capload.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://deon0capload.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23743534-f611-5708-80d9-c2bc727dd99a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"gate.dnsrd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gate.dnsrd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--734b7f11-0504-549c-a7ed-d746b8f9b548","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://gate.dnsrd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gate.dnsrd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9973779a-cd6b-59f0-bc5a-a6680065bdc6","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"camcdeliver.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'camcdeliver.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d6fc3ce-9f8e-5061-aaa7-1ac75a68683c","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://camcdeliver.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://camcdeliver.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66a798da-87a8-5d9f-b49d-9aaf5cc896b8","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"a51a.otzo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'a51a.otzo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9162c00-cecb-57b2-9208-e6659d9f832b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://a51a.otzo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://a51a.otzo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59c39227-6333-5b8c-ba3e-03526e8eddc2","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"42019239a0s0be.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '42019239a0s0be.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56437815-172c-56d4-96df-6774dcb26784","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://42019239a0s0be.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://42019239a0s0be.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--105ece05-818d-5627-be05-837832bd4cae","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"4c0a910fba9s1235.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '4c0a910fba9s1235.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37a3e308-2da5-5e75-a1b3-55b7b0285140","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://4c0a910fba9s1235.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://4c0a910fba9s1235.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98c5bfdb-2420-5438-b75e-f032ab5db092","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"419298as9bo2.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '419298as9bo2.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f501abed-5d33-5479-a5ec-acfbd0a94740","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://419298as9bo2.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://419298as9bo2.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31958301-82cc-5b16-9cbb-c1f18e562d1d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"491va9924abef1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '491va9924abef1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e255be7e-7cf1-511e-a728-ddd95e24d06d","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://491va9924abef1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://491va9924abef1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68b15520-bc3d-5d23-b619-42d77b769b59","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"48716ba0dea01.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '48716ba0dea01.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1369ca46-1599-5c95-8557-79594dec0a81","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://48716ba0dea01.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://48716ba0dea01.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86e06d48-f310-5f67-a4eb-f0660712d935","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"48d9a9120bae.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '48d9a9120bae.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5a68839-9cbe-5628-97ae-9165018043b4","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://48d9a9120bae.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://48d9a9120bae.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f8cc567-ad8b-57b6-86f3-a33823eb78b0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"441929450c2er.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '441929450c2er.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c427a81-65ae-5714-9c28-904c6905ebfa","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://441929450c2er.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://441929450c2er.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--371a099d-c1e0-5ed7-a6b6-4872a8d2dfb9","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"4d0q91239eqb5.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '4d0q91239eqb5.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--493d2ae4-3dfb-50c7-b26c-eac2089e0762","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://4d0q91239eqb5.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://4d0q91239eqb5.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cc041ec-8e41-5b8b-a4fc-1a8e02e488e7","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"489817asd9bo.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '489817asd9bo.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f830139a-a624-54ee-9b03-eacbfca412e1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://489817asd9bo.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://489817asd9bo.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71cf091b-68ca-55f6-80f3-437b08c85dad","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"di812fvz.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'di812fvz.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--088a7337-73bf-5912-85cf-95a2fb617b1a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://di812fvz.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://di812fvz.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed1680f7-dc86-5571-8a22-4bc8da1bd62a","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"p291z0sin04a9.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'p291z0sin04a9.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86189d49-03b4-5972-aa06-b3f83bde50d1","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://p291z0sin04a9.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p291z0sin04a9.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44d73e7d-11be-5801-ad0f-c5de769fe61b","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"as912jci1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'as912jci1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fbed31c-0a23-58a3-a246-3ced2e030582","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://as912jci1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://as912jci1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e72a9ad-6f8a-5111-9a1e-955485f4b5ba","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"1928fjcia025.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '1928fjcia025.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--757e2398-019f-511f-add0-ec6a0eca9e10","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://1928fjcia025.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://1928fjcia025.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c6080d1-d04a-5049-80b0-f33689a9f715","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"c0ea0s217.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'c0ea0s217.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5d4cc38-a01f-5d9b-be2f-2906ad0ff294","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://c0ea0s217.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://c0ea0s217.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84899a41-f2d2-5638-b183-f7091c89a009","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"00a7c185.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '00a7c185.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9b20961-d731-5b00-a945-f9e61ff9e1d0","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://00a7c185.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://00a7c185.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1acca91a-36ca-5204-92f2-43a6ef022373","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"96ad0e.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '96ad0e.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bff8d1a2-c2cf-5da2-9012-22173d0b1401","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://96ad0e.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://96ad0e.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10da5646-6f2e-555c-b8b7-40d4a86fcf28","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"102c928da265b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '102c928da265b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c1c4732-fc8b-5d21-a2cd-12c5180746ff","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://102c928da265b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://102c928da265b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8432931d-8b16-5893-8a2a-e20fd893e55f","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"http://152.32.139.126","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://152.32.139.126']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62187b98-f0da-5407-8a7f-9cf5565456fe","created":"2026-05-06T18:47:00.000Z","modified":"2026-05-06T18:47:00.000Z","valid_from":"2026-05-06T18:47:00.000Z","name":"152.32.139.126","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '152.32.139.126']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052098015180317058"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37a4803b-6a06-5c6f-a213-cffbb0d73b19","created":"2026-05-06T19:16:00.000Z","modified":"2026-05-06T19:16:00.000Z","valid_from":"2026-05-06T19:16:00.000Z","name":"sites.plscatopay.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sites.plscatopay.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052105206658129980"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96819e18-ea48-55e8-a798-c7a7d3e97ea0","created":"2026-05-06T19:16:00.000Z","modified":"2026-05-06T19:16:00.000Z","valid_from":"2026-05-06T19:16:00.000Z","name":"http://sites.plscatopay.cfd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sites.plscatopay.cfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052105206658129980"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--380d5bac-6791-5f4f-94cf-d9bedd903229","created":"2026-05-06T20:09:00.000Z","modified":"2026-05-06T20:09:00.000Z","valid_from":"2026-05-06T20:09:00.000Z","name":"ceaf050a4da26a8198198b570407ed8fef46e528f740115faeac45f28e821032","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'ceaf050a4da26a8198198b570407ed8fef46e528f740115faeac45f28e821032']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052118565814243516"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a310ef0e-aa58-5051-9cd0-4596c3110b68","created":"2026-05-06T20:15:00.000Z","modified":"2026-05-06T20:15:00.000Z","valid_from":"2026-05-06T20:15:00.000Z","name":"602fb8fcee0f027bf701813de1b9f637c78b5a25c6e2e70a7bc64f558cc712dc","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '602fb8fcee0f027bf701813de1b9f637c78b5a25c6e2e70a7bc64f558cc712dc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052119972382429688"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f86c13e-842c-52ae-b9d1-b7b7be4a2c0f","created":"2026-05-06T20:41:00.000Z","modified":"2026-05-06T20:41:00.000Z","valid_from":"2026-05-06T20:41:00.000Z","name":"http://65.109.55.181:8181/login","description":"IOC reported by @1ZRR4H on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://65.109.55.181:8181/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/1ZRR4H/status/2052126740265263476"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b224f47-107a-5197-9691-d5e45594dc4e","created":"2026-05-06T20:41:00.000Z","modified":"2026-05-06T20:41:00.000Z","valid_from":"2026-05-06T20:41:00.000Z","name":"65.109.55.181","description":"IOC reported by @1ZRR4H on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '65.109.55.181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/1ZRR4H/status/2052126740265263476"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7e9db3b-197c-5f46-843b-75363b6f3a3a","created":"2026-05-06T20:41:00.000Z","modified":"2026-05-06T20:41:00.000Z","valid_from":"2026-05-06T20:41:00.000Z","name":"05ed7725dd78d20c8fe5bf1a130fb095571f49d56efa0529b8cc0be0a6a1a97f","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '05ed7725dd78d20c8fe5bf1a130fb095571f49d56efa0529b8cc0be0a6a1a97f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2052126733936071097"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5848be4d-1f10-5795-941a-f1959a2df8ef","created":"2026-05-06T20:54:00.000Z","modified":"2026-05-06T20:54:00.000Z","valid_from":"2026-05-06T20:54:00.000Z","name":"resume.io","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'resume.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052129819115040874"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--087a33ca-bbc6-58f5-aa33-fc34ac00f065","created":"2026-05-06T20:54:00.000Z","modified":"2026-05-06T20:54:00.000Z","valid_from":"2026-05-06T20:54:00.000Z","name":"https://resume.io/r/ne37s0Tod","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://resume.io/r/ne37s0Tod']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052129819115040874"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c51f65b-bed0-546b-8749-80546425e3db","created":"2026-05-06T20:54:00.000Z","modified":"2026-05-06T20:54:00.000Z","valid_from":"2026-05-06T20:54:00.000Z","name":"3.168.102.2","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '3.168.102.2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052129819115040874"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c29dc97-caa9-52c1-8cab-7da14a59fb6b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"ad9k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ad9k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6859e4ba-03f2-54be-9354-a642b248fcb3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://ad9k.site/l/4n96iC1j","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ad9k.site/l/4n96iC1j']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f065b5de-ee47-59f7-bd12-aa9142eee523","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"b47t.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'b47t.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a45b7b46-526a-50bc-9f37-56391e1e0aa3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://b47t.site/l/dzeABoei","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://b47t.site/l/dzeABoei']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1bb9c9a-9a17-5353-84a2-3ddae339406c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://b47t.site/l/vwNQ3Vsd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://b47t.site/l/vwNQ3Vsd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb86c9ba-c9d1-53ad-857f-e04453b9bec4","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://b47t.site/l/WKs6IXW9","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://b47t.site/l/WKs6IXW9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27a7e541-0793-57cd-acb5-1f217aaa89a6","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"g83u.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'g83u.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e33f472f-1338-59f3-9c63-45b214ffd485","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/6X5SBGY2","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/6X5SBGY2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bcc13000-7110-5fb9-a664-0618ff8b9467","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/iS3GcEm8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/iS3GcEm8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec4cd3e9-cd29-5dba-b09c-6662ec741f48","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/JWn01E5N","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/JWn01E5N']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21f33866-cd49-5e84-b968-0612c26aea43","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/k2ZQRHhA","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/k2ZQRHhA']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--938301d0-e0bf-57d7-9e74-c7ffe917233e","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/k3SUweXw","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/k3SUweXw']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--995d0d2c-f682-595f-a03d-d7de567d0a37","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/l5J0asDH","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/l5J0asDH']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b13dad29-fe92-5052-904d-6833753c3939","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/loGzKJ3w","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/loGzKJ3w']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--313ffc35-e614-58cd-b82b-7043a39fc68d","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/N8ZQHmpC","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/N8ZQHmpC']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d46777b-714a-5e28-9a43-6581afb749ec","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/OTBd9VDf","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/OTBd9VDf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e820e43-a1bf-53f8-be14-2aacc1ef2048","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/R4eygOOU","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/R4eygOOU']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ffd3d5d-6cf5-5c93-830c-0050ab27a803","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g83u.site/l/sOELXfSB","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site/l/sOELXfSB']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a890e500-89d8-5ec4-b938-0bedb264631f","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"g86d.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'g86d.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6939668-9e19-510c-8d0d-b47b30922a7c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/CSCfkNOV","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/CSCfkNOV']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff29343c-c925-5a20-b319-d1c391054267","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/en8UCIA6","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/en8UCIA6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fcff07f2-c7b3-5771-b9e0-d4c139d6ff64","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/kRQ9AmvB","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/kRQ9AmvB']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b394ca1e-f7ae-5b67-97a2-64baa0f1f0d6","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/KsNi3u8Q","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/KsNi3u8Q']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec630961-7a61-5e74-8a44-287349c6cfd3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/TpcHBFfu","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/TpcHBFfu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f682bf05-770e-544d-aa6e-f2ef5b8beb17","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/uTWkgwcp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/uTWkgwcp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f88592f3-5f5a-5524-9d7a-447340dd8b6b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/xjoxTL0H","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/xjoxTL0H']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35b83254-ef07-5a6c-9b23-a08eca0664ff","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://g86d.com/l/YtDCN5ef","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com/l/YtDCN5ef']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b7f3c7c-2711-574d-915e-ef5fb2b20037","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"h32k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'h32k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a6f0f2e-f65b-520c-98a8-0d5fbef2659a","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/3O55yD5E","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/3O55yD5E']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5aa33e0a-0deb-5853-9feb-62e69028773a","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/5o1Y3oA6","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/5o1Y3oA6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50ea3270-cf28-5222-a548-b0eb71e98d5b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/6EpOMIGb","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/6EpOMIGb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a90934e-537a-534f-8ddc-952135bd5abc","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/8mK1mYAa","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/8mK1mYAa']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5128cee7-2b29-5f7d-b3ff-6b6e5bcb2bde","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/9azgZcP3","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/9azgZcP3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d8282d7-4233-532e-bd50-2b2403906e17","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/cDntx8gD","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/cDntx8gD']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a931f70c-4c0e-564e-b785-88c02cb1f11e","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/D8VHWe5D","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/D8VHWe5D']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23a70287-4da7-5b76-8fcc-fcdbdf65f2f9","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/NjIvf6AA","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/NjIvf6AA']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41aa503a-cd1c-5e6b-aa53-f60724b77cbd","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/onAp1iio","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/onAp1iio']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96dc0258-593a-5bd0-ac0c-c04abe531658","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/PepQvAgt","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/PepQvAgt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92c10d4a-45d0-5c4e-99ed-3abd83685293","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/W27LB5v8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/W27LB5v8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33993443-c990-5425-ae75-97e75dc3e5ba","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/wej06iCw","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/wej06iCw']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--591244ef-06b8-5461-8276-65a52862e6ce","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://h32k.site/l/zdJHoT0s","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://h32k.site/l/zdJHoT0s']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f981f00c-c319-5daa-b76c-d321d6be14ff","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"j28t.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j28t.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fc14a10-769f-51e6-a78c-1571938a8124","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j28t.site/l/A3UEJTAp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j28t.site/l/A3UEJTAp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75ea42ea-ce54-5e91-a18f-ce5188768e59","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j28t.site/l/CorACYu0","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j28t.site/l/CorACYu0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6956f05f-8eff-5935-9c3b-61910a183167","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j28t.site/l/doh5GEwm","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j28t.site/l/doh5GEwm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7116197-7024-59ea-9586-0d5b3be9100c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j28t.site/l/QezKhJwW","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j28t.site/l/QezKhJwW']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3c5af32-5640-5575-a232-7e39dc4910d0","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j28t.site/l/xQUrSKF9","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j28t.site/l/xQUrSKF9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d92c4383-39ee-5b28-b869-dc3f792ea4ef","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"j56y.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j56y.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a83c299-d237-52a9-abe4-826a10401a07","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.com/l/6pAi5ZfL","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.com/l/6pAi5ZfL']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--726311ba-9978-58d3-b4fe-b3f0cd6a8bca","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.com/l/Dah6Lx7v","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.com/l/Dah6Lx7v']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb0033d4-4069-59f7-9c1d-e6e3557b3ffd","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.com/l/NhVviHvW","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.com/l/NhVviHvW']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1bbe1afa-6445-52b4-9a49-3523d7593a21","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.com/l/Tw36CPZz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.com/l/Tw36CPZz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d12fb16d-bea5-5a58-9ef3-902bcb81f9c3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"j56y.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j56y.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e435649-20d6-506f-ae74-ba851112e2a0","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.site/l/mCfO7paf","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.site/l/mCfO7paf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3be6741-6f7e-5e3e-9d96-124bc89142d7","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.site/l/O4Fma6oI","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.site/l/O4Fma6oI']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--581530b3-9e77-5b9e-85b8-be29948a0d76","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.site/l/Si00TAaC","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.site/l/Si00TAaC']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c26bf75e-b860-5e5b-b336-975ace25e18f","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.site/l/vA9McmCG","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.site/l/vA9McmCG']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0315d1a5-1d74-569a-a58e-a9eaf1f6e1a3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j56y.site/l/zSzSdoaB","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.site/l/zSzSdoaB']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92e967d3-4400-5f10-ab31-537d05968471","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"j69t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j69t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7357325-3968-57d5-85dc-b33d3474b6aa","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j69t.com/l/9dTWbLpb","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j69t.com/l/9dTWbLpb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e752680-a74e-581a-bb71-53e5159a610f","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j69t.com/l/c089ZZO3","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j69t.com/l/c089ZZO3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4ea5e80-b434-5048-9b44-417250bfa65a","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"j82k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j82k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a789f80b-0719-5f7e-8da0-7dfdc9b4131b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j82k.site/l/e9KNXcpe","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j82k.site/l/e9KNXcpe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--196af8ce-74f6-5182-b08e-0c468915c03b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j82k.site/l/PSRIv4zl","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j82k.site/l/PSRIv4zl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2cf066b-2562-5110-8e94-de9f634bfa35","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://j82k.site/l/z4X6l01y","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j82k.site/l/z4X6l01y']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb7d6a57-3211-55bb-92d3-d3d3d4d21d54","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"jd56.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jd56.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85f6ba55-d9eb-5979-9a1b-72c253bd89d1","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/8CxorY37","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/8CxorY37']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d544a1d7-4db0-5139-8902-1eb5711016ce","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/9PGfzDFW","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/9PGfzDFW']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5feeb2d9-ba85-57aa-8e9b-be04fd2d2746","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/bDTx8hRK","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/bDTx8hRK']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ea906af-c721-5e8a-9dcd-e2c2937eecab","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/BwpalGnv","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/BwpalGnv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8207d50f-e91c-53b1-a1fb-40efdf895227","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/fX6hlIxv","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/fX6hlIxv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0d3a259-9289-57cb-8766-42c29293f1be","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/Jae6ACU8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/Jae6ACU8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3dee667d-f6ac-5ca7-af65-cc303217028e","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/mDjWPSIx","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/mDjWPSIx']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fdf80bac-2f04-58db-870c-d300853d7ef2","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/or3UDNvu","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/or3UDNvu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e732e46-7e56-5ea5-8447-d4eea979a8f0","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jd56.site/l/OTN8yV4g","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd56.site/l/OTN8yV4g']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e687d879-e534-504b-8bfa-fc5586381642","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"jk86.xyz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jk86.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad78ab15-a137-5abc-9148-c06760d6bbba","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jk86.xyz/l/I9CL8dG9","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jk86.xyz/l/I9CL8dG9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6ccc850-0e63-5b8b-bdaf-e41e50b4067a","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://jk86.xyz/l/Mt1CQs8V","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jk86.xyz/l/Mt1CQs8V']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd933e21-d642-54f7-9f84-44ba1ab0f33f","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"p78t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'p78t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3cc90623-18c4-553d-91b6-83ad1d56f489","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/0JRVcbTb","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/0JRVcbTb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a829dc11-cc1b-56b3-9098-4f1aef7dff7e","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/5pwcbmIb","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/5pwcbmIb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e3893bf-e6bd-55ee-a7c4-3e4357aa41c2","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/5YahmueV","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/5YahmueV']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5b091e1-a8d9-5bd5-aabb-b4f6db026b12","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/9tT5X4TX","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/9tT5X4TX']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80f7fb2a-e685-564f-a260-ddaea3441bc1","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/cfQXqYtT","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/cfQXqYtT']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--953882da-c4ed-5ca5-8c9e-83dbac7610fa","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/iXxXs6Nq","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/iXxXs6Nq']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0504af3-d509-5ee5-a3f8-639b5dfb2e7e","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/NdxccmZb","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/NdxccmZb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--511fa2ce-4f52-578d-9ef1-62fe4834eaf7","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/oxn49f6W","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/oxn49f6W']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a3e8595-db61-5f2e-b08c-b82093c647ad","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/PNczEb8v","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/PNczEb8v']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39cee9ed-af7b-57cc-8fa7-4fbd917c164a","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/RaNpDMDL","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/RaNpDMDL']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--270ec90a-5fe1-50fc-ae4d-2424bf680b73","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/SqqjpCaM","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/SqqjpCaM']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3ce9402-46e1-504b-9b32-e3729e237925","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/sqUM3d0g","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/sqUM3d0g']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--616fbd7f-327c-506a-9954-a4fd8423a0fb","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/uibt4KCV","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/uibt4KCV']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fe9400d-3b00-57eb-a8ed-9a03eb52ef7b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/UJoEhFiC","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/UJoEhFiC']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2831ba1d-80ec-57e1-b946-85761eba1643","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/VBTrmN14","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/VBTrmN14']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe88b1fc-7f71-52f5-8406-6c81ee62b389","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/wcY8vjWe","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/wcY8vjWe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5f8a3ac-77d0-5ffa-aa86-b779350f07f3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/WyyNxQVd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/WyyNxQVd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec2dc1fd-e78f-5d79-94a5-fbb1061dc774","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/WzPxwbla","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/WzPxwbla']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38d7586a-a518-5ddc-a0bc-54bbcd7cf168","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/xWS9Ctmd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/xWS9Ctmd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29b895e3-06f3-53db-9d24-ca32ccdd447c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/YppZVa6V","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/YppZVa6V']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4497fd59-bb2e-5560-95a3-3988175a02ad","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://p78t.com/l/Zvpb9YzA","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com/l/Zvpb9YzA']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4eea8851-d68a-5726-9cfa-c7f84521f2fd","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"pg31.xyz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pg31.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3522a0d1-1550-56bc-80a8-7bba32fa0491","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://pg31.xyz/l/sjof8Zdz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pg31.xyz/l/sjof8Zdz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--681c75df-ba7b-5e8d-a68e-e67c4e308769","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://pg31.xyz/l/WBb5ZXS6","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pg31.xyz/l/WBb5ZXS6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b99a2089-aafc-5ad0-a87b-c56116e89620","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"r47b.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'r47b.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b3a78b6-418f-56ef-a522-205061eefc25","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/3kyNoGj8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/3kyNoGj8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba0e162e-3b10-5c33-9fb2-9bdc479732f8","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/8D2o9RbW","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/8D2o9RbW']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a15ca50-f03a-5013-830c-480bf302775b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/G6u1CGYA","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/G6u1CGYA']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cb45b51-ac4a-5018-a114-3553b26b1d48","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/hsm6dKSP","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/hsm6dKSP']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dfc19c45-90a9-504f-8afb-7a49d8db0507","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/JnZevVrK","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/JnZevVrK']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c9bd5ac-4606-59b2-a171-4c2c2d5f1d5e","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/KZ5EmTwV","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/KZ5EmTwV']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9ec2fb8-0bb9-5f6b-8092-66209bed87b6","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/M7OBAaUK","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/M7OBAaUK']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a65170b-92b7-5a5e-b7b0-25cb37ad85d8","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/McA1Mhcl","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/McA1Mhcl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a3e999f-0a21-5f61-8117-a5ac9ec7b1a2","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/mvzApdtp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/mvzApdtp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71e13072-f0d6-59ab-9fc9-1b8d0d7b85e2","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/N4ZoJ3uW","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/N4ZoJ3uW']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9768765a-18e5-5348-9098-be5abaeeb907","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/pGjj5ap6","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/pGjj5ap6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba02a5dc-4fbf-5c6e-a3c7-2d9796b45c5e","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/VR41hNvH","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/VR41hNvH']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c1c6f66-0234-571f-87bb-5237e2564731","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/Vs6Xsoni","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/Vs6Xsoni']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41f044f8-33b6-5c39-b1bf-620d44533179","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://r47b.site/l/WTbKZjI3","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site/l/WTbKZjI3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53934beb-8fbc-5c6c-847d-6d37fdf89378","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"t45r.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't45r.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0076003-a7c6-50e4-8b70-d032bce78e0c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/0e6Je09a","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/0e6Je09a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50f537cc-d4fb-5b25-9c14-51d769ff7ffc","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/5zZd88Wa","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/5zZd88Wa']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--32cb07cf-19d8-56ba-ae5a-7917310369dc","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/9uM0Q0x3","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/9uM0Q0x3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7e3cc62-6717-5fb1-80ff-586a4a0d4055","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/cCPSrcJm","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/cCPSrcJm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e1ba70c-32a0-5f12-90ee-809154b17daf","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/gZticEOt/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/gZticEOt/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7de48cfb-ee95-5b34-9ce6-a4ce1b361e14","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/op7EtsXg","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/op7EtsXg']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3dd09c1-f8aa-550e-acb1-25ea5e2a9a6a","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/pkb5UFDv","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/pkb5UFDv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43976bc0-7b6e-51fb-8f84-de2ffbc519ff","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/PVQYsWQe","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/PVQYsWQe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--773dd19c-f64b-52c8-8806-8325807eb08b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/SxoWGWdV","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/SxoWGWdV']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17ad0cb2-82ee-5a36-a7d8-c97cffaf02b4","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/tTMDJg2r","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/tTMDJg2r']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86a9f31e-9a9f-51e5-842d-752ed4d2bab3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/US6eRt37","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/US6eRt37']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebc2be08-019c-50e8-a98b-522c4e2819c9","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/ynNzTjrU","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/ynNzTjrU']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51bb7482-ab0e-5566-ba3b-f77e961e5d49","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://t45r.site/l/zuTxlgFI","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site/l/zuTxlgFI']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db6928dd-00d2-596b-a3fe-be94c0c9082c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"tk00.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tk00.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2f2711c-6b3c-53f6-9ae8-9b89a18a2173","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://tk00.cc/l/t8JALVzf","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tk00.cc/l/t8JALVzf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a000c9de-4a89-5392-8d30-648fb1c8dc76","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"u28x.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'u28x.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e53efc2-cd07-5505-b32c-4365cd818e0f","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u28x.site/l/2m89dOmB","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u28x.site/l/2m89dOmB']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e0358a7-a1c2-55d5-9f39-27dfbae7760b","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u28x.site/l/5bzo3Nq8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u28x.site/l/5bzo3Nq8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--da0555b9-0616-53a1-a338-8ad3ce504c20","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u28x.site/l/z6DVf9cq","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u28x.site/l/z6DVf9cq']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76055abe-54c1-5d47-8fa2-2398ccc1c4c0","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"u84k.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'u84k.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05285260-bc42-5b65-a49b-5c9cca5dc686","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u84k.com/l/6JzhVJ2C","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u84k.com/l/6JzhVJ2C']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9dddb9af-611e-5745-b641-8ea7edab03fb","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u84k.com/l/8Cbs3A2H","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u84k.com/l/8Cbs3A2H']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83ee6df4-de48-5be5-8096-14fd2bc9a399","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u84k.com/l/HA6tq0yj","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u84k.com/l/HA6tq0yj']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2378038e-cbdc-511d-8a4a-712acda799a5","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u84k.com/l/NEdKkxCj","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u84k.com/l/NEdKkxCj']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62cd25f8-8ff5-5981-b602-ef0acbee84fe","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u84k.com/l/OL2Z85ja","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u84k.com/l/OL2Z85ja']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--def4df53-e286-5310-81e0-0f6b354b5066","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://u84k.com/l/qrY9wtwO","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u84k.com/l/qrY9wtwO']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7ed7a43-d380-5087-a846-0ff2557026f2","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"we6t.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'we6t.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--303b9c55-487e-5899-a5f4-f26a8c689c55","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://we6t.site/l/ShQrAjY7","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://we6t.site/l/ShQrAjY7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b0ca6eb-b1fa-5dbf-9892-aeefc786be83","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://we6t.site/l/TcGqkhyS","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://we6t.site/l/TcGqkhyS']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e246d41-a2ac-5aef-9a9f-a8392f5a4837","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"y29v.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'y29v.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0ef5b3e-46cf-59a4-81e0-671c662723e5","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/07M3fKoV","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/07M3fKoV']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e16ea9a-f426-5d61-93db-9aeca53e98f3","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/2bdWcrVL","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/2bdWcrVL']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea7ee1f7-84fd-518e-9f7c-06251aed9bf6","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/48TUfJev","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/48TUfJev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0abb7fe-a4fd-593d-87f2-a0a80f658c00","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/8PoKw0JQ","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/8PoKw0JQ']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8b2257f-5297-5dfa-80a0-8b162bd2464c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/GBvqWgBQ","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/GBvqWgBQ']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f2000a1-1588-52d8-af91-890f7e70bcb7","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/ifG3twmM","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/ifG3twmM']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1cef675c-b2a3-5bc3-96ae-82c805775c15","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/liVTp8P8","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/liVTp8P8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e640af5-bdc7-5b55-ac6a-1e6819b2c29f","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/p10Gun65","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/p10Gun65']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c792260-f281-5d46-bda3-aa76620b8e92","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/PTIYIqtS","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/PTIYIqtS']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa0bd27b-fb67-5ae9-8fc9-ad0b78674630","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/svkisJcb","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/svkisJcb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2011b48-2e3a-5a52-8565-58f8121c1e0c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/WUzZNrWv","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/WUzZNrWv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e324a42-7e12-5620-b1b9-cea6955a9c50","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://y29v.com/l/WvMszIUN","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com/l/WvMszIUN']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8878e283-9592-54c6-83f1-67c02d0c3f5d","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"z63k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'z63k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--becb30ea-6917-5b5c-92dd-78f6b26ab7e7","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://z63k.site/l/eCgfo7fd","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://z63k.site/l/eCgfo7fd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--662207f1-10d6-5f13-8456-1bb12baa9cad","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://z63k.site/l/iFXelC6o","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://z63k.site/l/iFXelC6o']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64538955-fdea-58cd-b009-d1d908735377","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://z63k.site/l/vjxTwlhn","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://z63k.site/l/vjxTwlhn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4eab338-2d7e-526f-92e8-46ba2deee41c","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://z63k.site/l/zGWr5YE1","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://z63k.site/l/zGWr5YE1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1f61eaf-9878-56e2-948f-6991dbe845c9","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"zz8t.xyz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zz8t.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--394b2b09-9b7e-5ead-b6fa-884d1f8a0781","created":"2026-05-06T20:56:00.000Z","modified":"2026-05-06T20:56:00.000Z","valid_from":"2026-05-06T20:56:00.000Z","name":"http://zz8t.xyz/l/RN9Dnief","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://zz8t.xyz/l/RN9Dnief']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052130511846285705"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33ea2365-b185-5cbe-9b9a-666f7903140a","created":"2026-05-06T20:58:00.000Z","modified":"2026-05-06T20:58:00.000Z","valid_from":"2026-05-06T20:58:00.000Z","name":"http://108.165.123.10/updates/","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://108.165.123.10/updates/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052130802201215023"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--671aca9c-1285-562c-b974-8e830d888dc2","created":"2026-05-06T20:58:00.000Z","modified":"2026-05-06T20:58:00.000Z","valid_from":"2026-05-06T20:58:00.000Z","name":"108.165.123.10","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '108.165.123.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052130802201215023"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--686f07cf-026a-5562-95e8-381b81b83738","created":"2026-05-06T20:58:00.000Z","modified":"2026-05-06T20:58:00.000Z","valid_from":"2026-05-06T20:58:00.000Z","name":"36bf99bd088ab729a1ea887360a665a56e941fbc891774f3a878fbfe3e5ddb50","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '36bf99bd088ab729a1ea887360a665a56e941fbc891774f3a878fbfe3e5ddb50']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052130802201215023"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5653fbb7-b6e7-5031-808c-ad8c157e2b55","created":"2026-05-06T21:03:00.000Z","modified":"2026-05-06T21:03:00.000Z","valid_from":"2026-05-06T21:03:00.000Z","name":"bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052132041332818161"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7274726f-fcc8-5515-817c-b1a1b2605807","created":"2026-05-06T21:03:00.000Z","modified":"2026-05-06T21:03:00.000Z","valid_from":"2026-05-06T21:03:00.000Z","name":"https://bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link/?filename=11.msi","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link/?filename=11.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052132041332818161"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fb6d46f-1ed3-5a66-ae88-3c4a04b60c02","created":"2026-05-06T21:03:00.000Z","modified":"2026-05-06T21:03:00.000Z","valid_from":"2026-05-06T21:03:00.000Z","name":"d13a708ba2bcdac8f9ce4d79dac309176dff8c20a9614602a32a4a18f5008ce1","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd13a708ba2bcdac8f9ce4d79dac309176dff8c20a9614602a32a4a18f5008ce1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052132041332818161"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--af9f662c-5fa2-51de-ba41-be0b38476844","created":"2026-05-06T21:07:00.000Z","modified":"2026-05-06T21:07:00.000Z","valid_from":"2026-05-06T21:07:00.000Z","name":"moscow-reproductive-rehab-delete.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'moscow-reproductive-rehab-delete.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052133176558948742"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad57af4d-4260-54b3-a6e4-738828795572","created":"2026-05-06T21:07:00.000Z","modified":"2026-05-06T21:07:00.000Z","valid_from":"2026-05-06T21:07:00.000Z","name":"https://moscow-reproductive-rehab-delete.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://moscow-reproductive-rehab-delete.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052133176558948742"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6014991c-830e-58f4-9abb-3b004ac3b597","created":"2026-05-06T21:09:00.000Z","modified":"2026-05-06T21:09:00.000Z","valid_from":"2026-05-06T21:09:00.000Z","name":"http://38.210.209.142:8181/login","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.210.209.142:8181/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2052133613810983326"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a03bc4d3-4003-58a4-b912-b0047e74a4c9","created":"2026-05-06T21:09:00.000Z","modified":"2026-05-06T21:09:00.000Z","valid_from":"2026-05-06T21:09:00.000Z","name":"38.210.209.142","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.210.209.142']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2052133613810983326"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b8ddfb8-8811-5d4e-adb7-a74d65e19def","created":"2026-05-06T21:09:00.000Z","modified":"2026-05-06T21:09:00.000Z","valid_from":"2026-05-06T21:09:00.000Z","name":"ck34.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ck34.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052133731331170455"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2723856e-900f-5cf7-9ad9-90cb73e186fd","created":"2026-05-06T21:09:00.000Z","modified":"2026-05-06T21:09:00.000Z","valid_from":"2026-05-06T21:09:00.000Z","name":"http://ck34.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ck34.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052133731331170455"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--73018d2e-a06e-5eb2-90d1-b61fa4c2a77b","created":"2026-05-06T21:09:00.000Z","modified":"2026-05-06T21:09:00.000Z","valid_from":"2026-05-06T21:09:00.000Z","name":"http://172.67.137.178:7707","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://172.67.137.178:7707']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052133731331170455"}],"labels":["AsyncRAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--920996e3-b872-5ad8-978b-de8d9ab16366","created":"2026-05-06T21:21:00.000Z","modified":"2026-05-06T21:21:00.000Z","valid_from":"2026-05-06T21:21:00.000Z","name":"c39ce6becf3908bcacd5bbe22a6339a1a9c9082c8e7af82b11daec1fc9344a1c","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c39ce6becf3908bcacd5bbe22a6339a1a9c9082c8e7af82b11daec1fc9344a1c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2052136584158343634"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c37cb21-0099-5448-9e67-604337ef02d5","created":"2026-05-06T21:22:00.000Z","modified":"2026-05-06T21:22:00.000Z","valid_from":"2026-05-06T21:22:00.000Z","name":"d4322938cb7d0956c2d70a3c977919eb2a30b48ccd9dd25a827ec959cc58499f","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd4322938cb7d0956c2d70a3c977919eb2a30b48ccd9dd25a827ec959cc58499f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052136968767582458"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bb7b365-66b1-5dcb-b991-3e144f7122fc","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://104.171.122.90:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.171.122.90:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3d4d06a-064f-5966-bdab-c7db70d8cc2f","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://135.181.77.225:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://135.181.77.225:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4862c26-f39a-5834-9357-7cfb57afb7e0","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://168.138.228.23:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://168.138.228.23:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a769c18-940b-5687-b7c5-1e7a9ff6a52b","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://178.156.225.48:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://178.156.225.48:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca33ed23-8a92-596b-ac97-24fea184071a","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://217.216.92.111:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://217.216.92.111:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--80ca1d4e-dbaa-5519-850b-556abf2a2ade","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://38.210.209.142:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.210.209.142:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--731ab4c9-8412-5692-a0e9-2ca7f810c1ba","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://38.210.210.16:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.210.210.16:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e6cad2a-1fad-5661-892e-344ce585ab8d","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"http://65.109.55.181:8181","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://65.109.55.181:8181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ca3af7e-a9c3-563f-8aae-14e09268270a","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"104.171.122.90","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.171.122.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce8b413d-0f70-508f-85bf-240f03b0ca06","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"135.181.77.225","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '135.181.77.225']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a1901ec-01be-5c6b-8dc3-dde6de490eba","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"168.138.228.23","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '168.138.228.23']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--95b4eead-1e59-5cc3-af37-0bb87959ffc0","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"178.156.225.48","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.156.225.48']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--25c45d5e-c2c2-5474-a5ff-e7c9874bc4db","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"217.216.92.111","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '217.216.92.111']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--53b6430e-a077-54e0-9ffd-4063e55f233e","created":"2026-05-06T21:36:00.000Z","modified":"2026-05-06T21:36:00.000Z","valid_from":"2026-05-06T21:36:00.000Z","name":"38.210.210.16","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.210.210.16']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052140401197306278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--49f20a6b-4f22-5804-85f3-730921e90f2d","created":"2026-05-06T21:57:00.000Z","modified":"2026-05-06T21:57:00.000Z","valid_from":"2026-05-06T21:57:00.000Z","name":"gadot.co.il","description":"IOC reported by @FalconFeedsio on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gadot.co.il']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FalconFeedsio/status/2052145734217302278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--27a5293e-6ea1-54c4-b498-1a703742fefa","created":"2026-05-06T21:57:00.000Z","modified":"2026-05-06T21:57:00.000Z","valid_from":"2026-05-06T21:57:00.000Z","name":"http://gadot.co.il","description":"IOC reported by @FalconFeedsio on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gadot.co.il']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FalconFeedsio/status/2052145734217302278"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a7bd414-1b3a-5ad6-b367-2f1b7785bf46","created":"2026-05-06T22:16:00.000Z","modified":"2026-05-06T22:16:00.000Z","valid_from":"2026-05-06T22:16:00.000Z","name":"pexaro.vu","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pexaro.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2052150611865670073"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52d4e745-511a-5a18-9141-9c4772ae9828","created":"2026-05-06T22:16:00.000Z","modified":"2026-05-06T22:16:00.000Z","valid_from":"2026-05-06T22:16:00.000Z","name":"https://pexaro.vu/index.html","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pexaro.vu/index.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2052150611865670073"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8160e8d8-6925-5e8c-95a1-1f9bd1e8153d","created":"2026-05-06T22:16:00.000Z","modified":"2026-05-06T22:16:00.000Z","valid_from":"2026-05-06T22:16:00.000Z","name":"https://pexaro.vu","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pexaro.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2052150611865670073"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f26fde1-61ed-5ef8-8511-107746df8525","created":"2026-05-06T22:16:00.000Z","modified":"2026-05-06T22:16:00.000Z","valid_from":"2026-05-06T22:16:00.000Z","name":"https://t.me/+WP4g8FJs3xlhZDA0","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://t.me/+WP4g8FJs3xlhZDA0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2052150611865670073"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9ab26d1-1412-555b-9033-0bdefa91bc2b","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"fifa2026p.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fifa2026p.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53ca83fd-37c0-52bb-8b82-83b41821140e","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://fifa2026p.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://fifa2026p.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--971e06da-48d3-504b-a7e2-7b02bc5a824d","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"paninideposito.store","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paninideposito.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1bf05586-521d-520e-af76-1f5d82b24329","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://paninideposito.store","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://paninideposito.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70c9fa35-4160-50ea-8556-bfbcdf94efac","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"panini-ofertas.xyz","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'panini-ofertas.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a8e9e88-f789-5b4c-bb0c-41c54d7ec38e","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://panini-ofertas.xyz","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://panini-ofertas.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c14a786-01dd-5cc4-bb20-fa85e025eb8d","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"paninicopadomundo.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paninicopadomundo.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d04a8085-ef12-5e9e-b725-3215c2cd7c76","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://paninicopadomundo.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://paninicopadomundo.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6cba482-cb6f-540e-9635-578d6f6527bb","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"lojaspanini-online.store","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lojaspanini-online.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9cd476a-5cd7-5004-b9b1-a9de8ed1ac74","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://lojaspanini-online.store","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lojaspanini-online.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67e4105c-2d96-50db-bb15-fc4d266cd339","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"livrariapanini.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'livrariapanini.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4b9329e-c434-59c1-af13-69fa2c639be2","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://livrariapanini.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://livrariapanini.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bcfc399f-1a58-5735-98e4-aa358f34e286","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"copa-panini.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'copa-panini.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eaed0913-f449-514c-82ab-aafe5f3942fa","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://copa-panini.site","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://copa-panini.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--430f836f-46be-5a20-9927-9ba2f54c6dd7","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"torcedorcopapanini.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'torcedorcopapanini.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36611e24-a8c0-5679-bc37-6cb0c7e49ed6","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://torcedorcopapanini.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://torcedorcopapanini.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--213601a5-9f3a-5630-ab28-6f03132ad055","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"ingressossflamengoo.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ingressossflamengoo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10f4c3bc-17f6-55a7-822d-a43cb2fe9d38","created":"2026-05-07T00:30:00.000Z","modified":"2026-05-07T00:30:00.000Z","valid_from":"2026-05-07T00:30:00.000Z","name":"https://ingressossflamengoo.com","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ingressossflamengoo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052184135125610839"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1f63384-4bab-5cc6-b5c8-8bea2b950235","created":"2026-05-07T02:28:00.000Z","modified":"2026-05-07T02:28:00.000Z","valid_from":"2026-05-07T02:28:00.000Z","name":"oraldj.zipgear.sbs","description":"IOC reported by @kikusui_sangyo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'oraldj.zipgear.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kikusui_sangyo/status/2052213893372792924"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--55dd6932-7320-5c9a-8b46-b656562f45ab","created":"2026-05-07T02:28:00.000Z","modified":"2026-05-07T02:28:00.000Z","valid_from":"2026-05-07T02:28:00.000Z","name":"https://oraldj.zipgear.sbs","description":"IOC reported by @kikusui_sangyo on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://oraldj.zipgear.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kikusui_sangyo/status/2052213893372792924"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4cbc9b9-c1ec-5116-8216-68ad684a1ece","created":"2026-05-07T02:48:00.000Z","modified":"2026-05-07T02:48:00.000Z","valid_from":"2026-05-07T02:48:00.000Z","name":"gofomewavo.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gofomewavo.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052219039783743963"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1d36fa4-3051-5a17-ada3-e35db8796b27","created":"2026-05-07T02:48:00.000Z","modified":"2026-05-07T02:48:00.000Z","valid_from":"2026-05-07T02:48:00.000Z","name":"https://gofomewavo.z1.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gofomewavo.z1.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052219039783743963"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b834e6d-b704-53fe-bd00-ac698c1b4ed6","created":"2026-05-07T03:08:00.000Z","modified":"2026-05-07T03:08:00.000Z","valid_from":"2026-05-07T03:08:00.000Z","name":"lulofumebo.z9.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lulofumebo.z9.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052223949820555303"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d735313-ae8f-5557-9c36-2fa8babc409e","created":"2026-05-07T03:08:00.000Z","modified":"2026-05-07T03:08:00.000Z","valid_from":"2026-05-07T03:08:00.000Z","name":"https://lulofumebo.z9.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lulofumebo.z9.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052223949820555303"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4859d02-7750-5ea2-bdd0-c303da9fdd61","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkas.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkas.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c22523b-5c0f-5770-a917-70e3e60553db","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkas.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkas.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d159e7c-24ac-5b0a-abf9-4e18c7c2163d","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkbs.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkbs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--91e2b925-5ea4-5b00-86a3-a1cb12b7fa7f","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkbs.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkbs.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b6bf7ed-f270-5303-9645-eff23815f654","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkis.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkis.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--97046781-e3e9-5772-b809-d494fd96aec8","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkis.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkis.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5826411b-4804-562b-8213-9d0d3de729eb","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkhs.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkhs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--677650b8-3b5e-5f53-96ee-137775d0c280","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkhs.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkhs.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--db6d992b-6d62-5a0f-9439-759747220e10","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkjs.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkjs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--22a93843-0b25-5838-807f-8fd9c17df7ac","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkjs.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkjs.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--251670ad-460e-567c-b571-6e1e1d929ff4","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkds.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkds.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--460d151b-7538-5f41-960a-6f35d9e4f4f8","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkds.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkds.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--98647dd5-aead-50b4-99d9-c38dcfee9d6e","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkcs.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkcs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5976ae50-e7a1-55fe-89ec-dcb349291357","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkcs.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkcs.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f9a3d5b-19c3-574a-b5d4-941b9fa712c1","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkes.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkes.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--77a98020-39de-5c89-b66c-9f9e901449a5","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkes.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkes.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--581d582b-f6ce-589a-89b8-2325ab299e03","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkgs.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkgs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d337decf-9ca2-56df-b467-0eb8c47a1ba9","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkgs.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkgs.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b329ca5e-6c68-5c2d-8fe6-1eb9651efd9d","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"bhbkfs.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhbkfs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d2e1343-618f-57b0-94b4-d4d965a5a515","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"https://bhbkfs.com/individual/service/e-net/login/3210001","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bhbkfs.com/individual/service/e-net/login/3210001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--487d0c69-b737-5b39-913c-147af59d1070","created":"2026-05-07T04:07:00.000Z","modified":"2026-05-07T04:07:00.000Z","valid_from":"2026-05-07T04:07:00.000Z","name":"137.220.152.149","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '137.220.152.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052238865092735316"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--439d6c84-e6eb-569a-81a7-d277d021abf6","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"docusign.midnightdocuments.network","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docusign.midnightdocuments.network']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8651d1fb-7a46-5100-bb95-e31adfdc56a1","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"http://docusign.midnightdocuments.network","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docusign.midnightdocuments.network']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3da1b06-ac64-5d57-9995-75d0cfb523a4","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"overdocu.live","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'overdocu.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0108085-628c-5b89-88a7-8ee73b6096a0","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"http://overdocu.live","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://overdocu.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b41ab881-7bbc-5609-ba9f-6125b824e1b6","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"store5.gofile.io","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'store5.gofile.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83c5daf2-a1d7-5e47-bf4b-e98294b86511","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"http://store5.gofile.io/download/direct/6751a25f-da78-4d2f-9d10-65ff6ad75b31/DocuSign%20Setup.exe","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://store5.gofile.io/download/direct/6751a25f-da78-4d2f-9d10-65ff6ad75b31/DocuSign%20Setup.exe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46454c45-a68d-5281-82e3-9849e934a3b3","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"dvdhvbh.s3.us-east-1.amazonaws.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dvdhvbh.s3.us-east-1.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04e81ec0-ef28-56a1-ab78-da74ba957778","created":"2026-05-07T04:21:00.000Z","modified":"2026-05-07T04:21:00.000Z","valid_from":"2026-05-07T04:21:00.000Z","name":"http://dvdhvbh.s3.us-east-1.amazonaws.com/DocuSign_installer.vbs","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dvdhvbh.s3.us-east-1.amazonaws.com/DocuSign_installer.vbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052242287682601036"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2f8f41a-91da-5e57-93a1-d993f02b51a5","created":"2026-05-07T04:28:00.000Z","modified":"2026-05-07T04:28:00.000Z","valid_from":"2026-05-07T04:28:00.000Z","name":"173eba07c3b6caccbf64c72af605d3aaab453d1e577bafc2038254997a7b726e","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '173eba07c3b6caccbf64c72af605d3aaab453d1e577bafc2038254997a7b726e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2052244254458826989"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--859f67ef-ea7f-5ca8-8e47-d815f82cfe80","created":"2026-05-07T05:55:00.000Z","modified":"2026-05-07T05:55:00.000Z","valid_from":"2026-05-07T05:55:00.000Z","name":"e-stat.b8no2fhz.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.b8no2fhz.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052266149325554058"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--146bdb6f-2401-58ca-bf4f-073f68cff21d","created":"2026-05-07T05:55:00.000Z","modified":"2026-05-07T05:55:00.000Z","valid_from":"2026-05-07T05:55:00.000Z","name":"https://e-stat.b8no2fhz.shop/home","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.b8no2fhz.shop/home']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052266149325554058"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fb720c1-6dae-5d55-862f-9f55a2e6f07f","created":"2026-05-07T05:55:00.000Z","modified":"2026-05-07T05:55:00.000Z","valid_from":"2026-05-07T05:55:00.000Z","name":"e-stat.27vs83nl.shop","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.27vs83nl.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052266149325554058"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb864587-7faa-56d1-911e-8c5852df9a78","created":"2026-05-07T05:55:00.000Z","modified":"2026-05-07T05:55:00.000Z","valid_from":"2026-05-07T05:55:00.000Z","name":"https://e-stat.27vs83nl.shop/home","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.27vs83nl.shop/home']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052266149325554058"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d0971ec-1caa-5bcf-bccd-60e30e591b71","created":"2026-05-07T06:29:00.000Z","modified":"2026-05-07T06:29:00.000Z","valid_from":"2026-05-07T06:29:00.000Z","name":"d235741256f05ad8ceb44c469f4471f17c6a669dbf192e9ccf8d11d99a6800ef","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd235741256f05ad8ceb44c469f4471f17c6a669dbf192e9ccf8d11d99a6800ef']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2052143672204906568"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f3393ab-b4eb-57aa-87c1-5cc51ff774ff","created":"2026-05-07T06:35:00.000Z","modified":"2026-05-07T06:35:00.000Z","valid_from":"2026-05-07T06:35:00.000Z","name":"benoil.life","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'benoil.life']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052276038139629771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c077fdea-3e77-5e90-9dcb-dd5e7f287c9b","created":"2026-05-07T06:35:00.000Z","modified":"2026-05-07T06:35:00.000Z","valid_from":"2026-05-07T06:35:00.000Z","name":"https://benoil.life/teepasnow/files.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://benoil.life/teepasnow/files.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052276038139629771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78fcfa33-9c6a-5a13-aa24-50048a3dd5b9","created":"2026-05-07T06:35:00.000Z","modified":"2026-05-07T06:35:00.000Z","valid_from":"2026-05-07T06:35:00.000Z","name":"pub-c468c1f763174cadac248e4232fc1d8b.r2.dev","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pub-c468c1f763174cadac248e4232fc1d8b.r2.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052276038139629771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81a2d956-e646-5346-9eeb-2b932c725d5f","created":"2026-05-07T06:35:00.000Z","modified":"2026-05-07T06:35:00.000Z","valid_from":"2026-05-07T06:35:00.000Z","name":"https://pub-c468c1f763174cadac248e4232fc1d8b.r2.dev/teepasnow_files.exe","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pub-c468c1f763174cadac248e4232fc1d8b.r2.dev/teepasnow_files.exe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052276038139629771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9aaa713d-0d1d-54fa-8b19-73b0f4e7ccd6","created":"2026-05-07T06:35:00.000Z","modified":"2026-05-07T06:35:00.000Z","valid_from":"2026-05-07T06:35:00.000Z","name":"9b444cd31ac09d1d4bab3394c8b42e0858cd34fcdaa9f782f8d64d63608c72e7","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '9b444cd31ac09d1d4bab3394c8b42e0858cd34fcdaa9f782f8d64d63608c72e7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052276038139629771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--faad6d0e-b4f6-5fd6-a9a0-50c667e90784","created":"2026-05-07T06:48:00.000Z","modified":"2026-05-07T06:48:00.000Z","valid_from":"2026-05-07T06:48:00.000Z","name":"pornkino.cc","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pornkino.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052279310577471810"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10cda04f-ed53-57b5-af08-6e31837f40a9","created":"2026-05-07T06:48:00.000Z","modified":"2026-05-07T06:48:00.000Z","valid_from":"2026-05-07T06:48:00.000Z","name":"https://pornkino.cc/Allamericanmobility.php?_std=eyJzIjoibWFudWFsIn0","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pornkino.cc/Allamericanmobility.php?_std=eyJzIjoibWFudWFsIn0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052279310577471810"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bf1ef93-6df3-5eec-bbec-ecdb20bda52a","created":"2026-05-07T06:48:00.000Z","modified":"2026-05-07T06:48:00.000Z","valid_from":"2026-05-07T06:48:00.000Z","name":"pub-19cf2a274be1410b9e5401424816c231.r2.dev","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pub-19cf2a274be1410b9e5401424816c231.r2.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052279310577471810"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6708c0e0-72eb-5023-944e-a793e238eda2","created":"2026-05-07T06:48:00.000Z","modified":"2026-05-07T06:48:00.000Z","valid_from":"2026-05-07T06:48:00.000Z","name":"https://pub-19cf2a274be1410b9e5401424816c231.r2.dev/allamericanmobility.msi","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pub-19cf2a274be1410b9e5401424816c231.r2.dev/allamericanmobility.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052279310577471810"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0084f03d-e0e0-599d-b3e0-a446f558130c","created":"2026-05-07T06:48:00.000Z","modified":"2026-05-07T06:48:00.000Z","valid_from":"2026-05-07T06:48:00.000Z","name":"http://184.174.20.186:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://184.174.20.186:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052279310577471810"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8db0ef0f-0449-5616-b416-d370d610b665","created":"2026-05-07T06:48:00.000Z","modified":"2026-05-07T06:48:00.000Z","valid_from":"2026-05-07T06:48:00.000Z","name":"184.174.20.186","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '184.174.20.186']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052279310577471810"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7355d00-8686-5c80-af3c-c4951c6e68cc","created":"2026-05-07T06:48:00.000Z","modified":"2026-05-07T06:48:00.000Z","valid_from":"2026-05-07T06:48:00.000Z","name":"0557f2a3a1906e23d572c1c00ba45662ae4ef5f4818cb88d57aa1aef029fc70d","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '0557f2a3a1906e23d572c1c00ba45662ae4ef5f4818cb88d57aa1aef029fc70d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052279310577471810"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43966fe5-de94-595a-af61-0264a781b677","created":"2026-05-07T07:03:00.000Z","modified":"2026-05-07T07:03:00.000Z","valid_from":"2026-05-07T07:03:00.000Z","name":"e-stat.26mwt3v0.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.26mwt3v0.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052283122428133704"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0a85aaa-1252-53cc-a542-cf1bbbcabb91","created":"2026-05-07T07:03:00.000Z","modified":"2026-05-07T07:03:00.000Z","valid_from":"2026-05-07T07:03:00.000Z","name":"https://e-stat.26mwt3v0.shop/2xj3nsrm/","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.26mwt3v0.shop/2xj3nsrm/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052283122428133704"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd24ce4f-cf3d-5d66-bdf8-d7f5fac9752b","created":"2026-05-07T07:04:00.000Z","modified":"2026-05-07T07:04:00.000Z","valid_from":"2026-05-07T07:04:00.000Z","name":"festivida.net","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'festivida.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052283427819528363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89b63d80-c720-587d-ad83-e31247fae296","created":"2026-05-07T07:04:00.000Z","modified":"2026-05-07T07:04:00.000Z","valid_from":"2026-05-07T07:04:00.000Z","name":"https://festivida.net/trs/tri-starhomeloans.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://festivida.net/trs/tri-starhomeloans.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052283427819528363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b09c909-38a3-5277-a593-e7a84e1a6f24","created":"2026-05-07T07:04:00.000Z","modified":"2026-05-07T07:04:00.000Z","valid_from":"2026-05-07T07:04:00.000Z","name":"pub-91909e94de8b42d2b4ba442c98034959.r2.dev","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pub-91909e94de8b42d2b4ba442c98034959.r2.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052283427819528363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f2f41dc-9fa0-5bc0-bbc5-b2c358c65b92","created":"2026-05-07T07:04:00.000Z","modified":"2026-05-07T07:04:00.000Z","valid_from":"2026-05-07T07:04:00.000Z","name":"https://pub-91909e94de8b42d2b4ba442c98034959.r2.dev/tri-starhomeloansem_fhtHvmAu_installer_Win7-Win11_x86_x64.msi","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pub-91909e94de8b42d2b4ba442c98034959.r2.dev/tri-starhomeloansem_fhtHvmAu_installer_Win7-Win11_x86_x64.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052283427819528363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5903e592-1a69-5f26-bb71-39f0b9eee0d0","created":"2026-05-07T07:04:00.000Z","modified":"2026-05-07T07:04:00.000Z","valid_from":"2026-05-07T07:04:00.000Z","name":"7f30259d72eb7432b2454c07be83365ecfa835188185b35b30d11654aadf86a0","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7f30259d72eb7432b2454c07be83365ecfa835188185b35b30d11654aadf86a0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052283427819528363"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0485b8f-589c-576d-9c65-044722667289","created":"2026-05-07T07:05:00.000Z","modified":"2026-05-07T07:05:00.000Z","valid_from":"2026-05-07T07:05:00.000Z","name":"e-stat.8391yei4.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.8391yei4.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052283677124755777"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa40a8b3-0f62-5b5c-9563-4dec64e9fa05","created":"2026-05-07T07:05:00.000Z","modified":"2026-05-07T07:05:00.000Z","valid_from":"2026-05-07T07:05:00.000Z","name":"https://e-stat.8391yei4.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.8391yei4.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052283677124755777"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60617076-1f01-5ceb-aed5-c15ded6acd0c","created":"2026-05-07T07:05:00.000Z","modified":"2026-05-07T07:05:00.000Z","valid_from":"2026-05-07T07:05:00.000Z","name":"e-stat.27ldvjc7.shop","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.27ldvjc7.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052283677124755777"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e96da025-ca5d-5853-8181-96c0c281ee4f","created":"2026-05-07T07:05:00.000Z","modified":"2026-05-07T07:05:00.000Z","valid_from":"2026-05-07T07:05:00.000Z","name":"https://e-stat.27ldvjc7.shop/2xj3nsrm","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.27ldvjc7.shop/2xj3nsrm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2052283677124755777"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be4d0915-d39c-5d26-a146-1b533d2201ed","created":"2026-05-07T07:40:00.000Z","modified":"2026-05-07T07:40:00.000Z","valid_from":"2026-05-07T07:40:00.000Z","name":"noticebpi.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'noticebpi.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052292374202589408"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3aafb69-9e4a-5717-9050-936e84f3ae2e","created":"2026-05-07T07:40:00.000Z","modified":"2026-05-07T07:40:00.000Z","valid_from":"2026-05-07T07:40:00.000Z","name":"http://noticebpi.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://noticebpi.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052292374202589408"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--852b11ab-d84a-5189-8f1e-7f452348a1ed","created":"2026-05-07T07:45:00.000Z","modified":"2026-05-07T07:45:00.000Z","valid_from":"2026-05-07T07:45:00.000Z","name":"gcashweb.fit","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gcashweb.fit']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052293615343333519"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e69e66c4-0d39-56c6-9d2f-6c14d327cd7b","created":"2026-05-07T07:45:00.000Z","modified":"2026-05-07T07:45:00.000Z","valid_from":"2026-05-07T07:45:00.000Z","name":"http://gcashweb.fit","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gcashweb.fit']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052293615343333519"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75c67550-ad8f-5c31-a0f0-585d2f24a594","created":"2026-05-07T07:53:00.000Z","modified":"2026-05-07T07:53:00.000Z","valid_from":"2026-05-07T07:53:00.000Z","name":"rakuten--card.co","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rakuten--card.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052295639158182215"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02e161c3-298b-545b-95ef-b2923cdcd044","created":"2026-05-07T07:53:00.000Z","modified":"2026-05-07T07:53:00.000Z","valid_from":"2026-05-07T07:53:00.000Z","name":"https://rakuten--card.co","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rakuten--card.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052295639158182215"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44c39a08-1b79-58f3-8ed2-d7523256c521","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"mtsspk.net","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mtsspk.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2052313849278394621"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe047d97-8cd7-5f3c-957c-ab7aac99ebe1","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"https://mtsspk.net/TrDGjfgtxkdl3Pl47enr/","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mtsspk.net/TrDGjfgtxkdl3Pl47enr/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2052313849278394621"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5072fe1-f460-5af6-bf94-48fc4e12c858","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"0ecfdece9402c4f8732a4581baf4a927","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '0ecfdece9402c4f8732a4581baf4a927']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2052313849278394621"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c8260f7-137b-591e-81a9-474d873ae89d","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"3c0f8dc931cdc76c9d101b41c258a4dc","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '3c0f8dc931cdc76c9d101b41c258a4dc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2052313849278394621"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--afd48bf6-d817-5c65-ae03-1d813f18ae85","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"officesite.onrender.com","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'officesite.onrender.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2028721108850225506"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be6f7c40-ade4-54d3-8b0d-29841e114aaf","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"http://officesite.onrender.com","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://officesite.onrender.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2028721108850225506"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--964b95b6-5acc-596e-9ada-ac5e82978a8e","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"mnjkuilhgftrew.baiduwebhost.com","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mnjkuilhgftrew.baiduwebhost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2028721108850225506"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4852c624-d3df-5303-a08a-86aba448af2f","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"http://mnjkuilhgftrew.baiduwebhost.com","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mnjkuilhgftrew.baiduwebhost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2028721108850225506"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9faab638-feaf-5c68-81ca-defa86bc5faa","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"7c5116f2412ebcbce7ab99ccfbb2a21a","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '7c5116f2412ebcbce7ab99ccfbb2a21a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2028721108850225506"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fce80264-8d96-5542-a42e-1d88b73da98e","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"79ca03e5f149f6cddfbc92262d3f6da9","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '79ca03e5f149f6cddfbc92262d3f6da9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2028721108850225506"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea631311-fb83-5046-bb0b-bcec5ea504c1","created":"2026-05-07T09:05:00.000Z","modified":"2026-05-07T09:05:00.000Z","valid_from":"2026-05-07T09:05:00.000Z","name":"8b9a7fec4bbb53bb7f9b8c673fd4ab52","description":"IOC reported by @RedDrip7 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8b9a7fec4bbb53bb7f9b8c673fd4ab52']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RedDrip7/status/2028721108850225506"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e4bb3ff-06d8-565d-9913-3bf40d3e35f9","created":"2026-05-07T09:47:00.000Z","modified":"2026-05-07T09:47:00.000Z","valid_from":"2026-05-07T09:47:00.000Z","name":"fd28c1ef42dc959c875fff1104d3774ef0973f026498af08fc86dea2f849832a","description":"IOC reported by @nextronresearch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'fd28c1ef42dc959c875fff1104d3774ef0973f026498af08fc86dea2f849832a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nextronresearch/status/2052324522154504585"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--72c04010-3b58-509c-b701-04581317e1bd","created":"2026-05-07T10:25:00.000Z","modified":"2026-05-07T10:25:00.000Z","valid_from":"2026-05-07T10:25:00.000Z","name":"justice-unity-complex-containers.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'justice-unity-complex-containers.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052334031006486870"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4358b404-8a8d-5ed9-aaf8-7d43ff1d9056","created":"2026-05-07T10:25:00.000Z","modified":"2026-05-07T10:25:00.000Z","valid_from":"2026-05-07T10:25:00.000Z","name":"https://justice-unity-complex-containers.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://justice-unity-complex-containers.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052334031006486870"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1b56c13-bd29-59ca-a6fe-1fcc1699bb9e","created":"2026-05-07T10:35:00.000Z","modified":"2026-05-07T10:35:00.000Z","valid_from":"2026-05-07T10:35:00.000Z","name":"http://193.169.194.40","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://193.169.194.40']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052336400792510619"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd76f21f-79ea-5ee2-a704-b681335dd75c","created":"2026-05-07T10:35:00.000Z","modified":"2026-05-07T10:35:00.000Z","valid_from":"2026-05-07T10:35:00.000Z","name":"193.169.194.40","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.169.194.40']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052336400792510619"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f49b2dba-b70e-5dda-82c1-da1955f005e1","created":"2026-05-07T10:35:00.000Z","modified":"2026-05-07T10:35:00.000Z","valid_from":"2026-05-07T10:35:00.000Z","name":"4a0edbbe5490182f27e930552cfda973f77c581bb6be1467d0087682e2d6e2f1","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '4a0edbbe5490182f27e930552cfda973f77c581bb6be1467d0087682e2d6e2f1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052336400792510619"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c92ffcc1-9720-5c25-a2d7-d6d12269d70a","created":"2026-05-07T11:37:00.000Z","modified":"2026-05-07T11:37:00.000Z","valid_from":"2026-05-07T11:37:00.000Z","name":"ymxn7m2.short.gy","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ymxn7m2.short.gy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052352005515972685"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a6674ef-60ca-50db-b510-7804ae62fcd1","created":"2026-05-07T11:37:00.000Z","modified":"2026-05-07T11:37:00.000Z","valid_from":"2026-05-07T11:37:00.000Z","name":"https://ymxn7m2.short.gy/hAaywf","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ymxn7m2.short.gy/hAaywf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052352005515972685"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3e50741-168a-552c-85fd-009c5e68e576","created":"2026-05-07T11:37:00.000Z","modified":"2026-05-07T11:37:00.000Z","valid_from":"2026-05-07T11:37:00.000Z","name":"d29d589021dbae769201898abe5bfcd0d7493dcec35c1c3b1a9137c3aa466d8f","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd29d589021dbae769201898abe5bfcd0d7493dcec35c1c3b1a9137c3aa466d8f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052352005515972685"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9741a823-fc5b-551b-9b3b-79c214a8ce77","created":"2026-05-07T11:49:00.000Z","modified":"2026-05-07T11:49:00.000Z","valid_from":"2026-05-07T11:49:00.000Z","name":"dalerocks.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dalerocks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052355124912079217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4289ce3-391f-5009-a5d4-10dceda00c00","created":"2026-05-07T11:49:00.000Z","modified":"2026-05-07T11:49:00.000Z","valid_from":"2026-05-07T11:49:00.000Z","name":"https://dalerocks.com/fyFWK59B?X=QKEjwPk4f0a&97=hFUj39XJt=k0SErD7G6UIRyaaPWkoSFrddgmg69gzTUHqzS8ICL90YJPArpG7vfrCuz7dUMdEn","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dalerocks.com/fyFWK59B?X=QKEjwPk4f0a&97=hFUj39XJt=k0SErD7G6UIRyaaPWkoSFrddgmg69gzTUHqzS8ICL90YJPArpG7vfrCuz7dUMdEn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052355124912079217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--03260ba5-42cb-57c1-8062-831b0b237088","created":"2026-05-07T11:49:00.000Z","modified":"2026-05-07T11:49:00.000Z","valid_from":"2026-05-07T11:49:00.000Z","name":"wmail.dsdmpu.gov.za","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wmail.dsdmpu.gov.za']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052355124912079217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--62a780bf-1b86-552e-8231-7003bbf13daa","created":"2026-05-07T11:49:00.000Z","modified":"2026-05-07T11:49:00.000Z","valid_from":"2026-05-07T11:49:00.000Z","name":"https://wmail.dsdmpu.gov.za/owa/auth/Current/TB.msi","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wmail.dsdmpu.gov.za/owa/auth/Current/TB.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052355124912079217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--00041055-9f00-5839-84ed-df65e16602fb","created":"2026-05-07T11:49:00.000Z","modified":"2026-05-07T11:49:00.000Z","valid_from":"2026-05-07T11:49:00.000Z","name":"ebee881874c9cf9df451268a88f5d951d7d60bfac0f9a54f7c541517611e07f9","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'ebee881874c9cf9df451268a88f5d951d7d60bfac0f9a54f7c541517611e07f9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052355124912079217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--25f40b60-108b-52ef-b5b9-f95f6a6c3eff","created":"2026-05-07T11:49:00.000Z","modified":"2026-05-07T11:49:00.000Z","valid_from":"2026-05-07T11:49:00.000Z","name":"91af8218c450d18ce231b2a2604f1fae68c825d04203fd312efc45263847ad5c","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '91af8218c450d18ce231b2a2604f1fae68c825d04203fd312efc45263847ad5c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052355124912079217"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--48317a17-6b80-54f1-8374-121e7c0eaafc","created":"2026-05-07T13:01:00.000Z","modified":"2026-05-07T13:01:00.000Z","valid_from":"2026-05-07T13:01:00.000Z","name":"1pasword.at","description":"IOC reported by @SquiblydooBlog on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '1pasword.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SquiblydooBlog/status/2052373262806765880"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--992e825f-0b07-508e-b24e-6cfbafea6262","created":"2026-05-07T13:01:00.000Z","modified":"2026-05-07T13:01:00.000Z","valid_from":"2026-05-07T13:01:00.000Z","name":"http://1pasword.at","description":"IOC reported by @SquiblydooBlog on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://1pasword.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SquiblydooBlog/status/2052373262806765880"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a91fe102-3385-5607-b906-9eb529ca1202","created":"2026-05-07T13:01:00.000Z","modified":"2026-05-07T13:01:00.000Z","valid_from":"2026-05-07T13:01:00.000Z","name":"69eaaa0e2f0b414b96b50b088d978cfe56a074a626d7179a67a5ee02b1830662","description":"IOC reported by @SquiblydooBlog on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '69eaaa0e2f0b414b96b50b088d978cfe56a074a626d7179a67a5ee02b1830662']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SquiblydooBlog/status/2052373262806765880"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c22c7ac-d6cf-59a4-a327-e79c48fe071b","created":"2026-05-07T13:02:00.000Z","modified":"2026-05-07T13:02:00.000Z","valid_from":"2026-05-07T13:02:00.000Z","name":"dinatran.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dinatran.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052373568176976098"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--071757c8-afe7-5d3a-926a-91690544a13f","created":"2026-05-07T13:02:00.000Z","modified":"2026-05-07T13:02:00.000Z","valid_from":"2026-05-07T13:02:00.000Z","name":"http://dinatran.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dinatran.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052373568176976098"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecfabe98-498a-5c53-9300-53ad2efeca4d","created":"2026-05-07T13:11:00.000Z","modified":"2026-05-07T13:11:00.000Z","valid_from":"2026-05-07T13:11:00.000Z","name":"http://dalerocks.com","description":"IOC reported by @Thisism23567356 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dalerocks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Thisism23567356/status/2052375669670064269"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--77ed39e4-cf70-5dcd-8f1f-aa9b6254ce9a","created":"2026-05-07T13:11:00.000Z","modified":"2026-05-07T13:11:00.000Z","valid_from":"2026-05-07T13:11:00.000Z","name":"939d984f39aebd02db16ff3fcde165b1","description":"IOC reported by @Thisism23567356 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '939d984f39aebd02db16ff3fcde165b1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Thisism23567356/status/2052375669670064269"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--eaf6778f-867a-5f0c-ab44-e31ef1afe195","created":"2026-05-07T13:41:00.000Z","modified":"2026-05-07T13:41:00.000Z","valid_from":"2026-05-07T13:41:00.000Z","name":"c5c667c3e74cd063043e444bd9d9239adac4d31ac047361122267b77043c3581","description":"IOC reported by @FarghlyMal on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c5c667c3e74cd063043e444bd9d9239adac4d31ac047361122267b77043c3581']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FarghlyMal/status/2052383355962810740"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d88094d-672e-5041-9957-be1868d5270f","created":"2026-05-07T13:41:00.000Z","modified":"2026-05-07T13:41:00.000Z","valid_from":"2026-05-07T13:41:00.000Z","name":"be80c5ba22d1e187c5ef62faaf5bc9072f117e7289282736e417bc7e60a36d90","description":"IOC reported by @FarghlyMal on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'be80c5ba22d1e187c5ef62faaf5bc9072f117e7289282736e417bc7e60a36d90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FarghlyMal/status/2052383355962810740"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b862fa5-b808-5633-a416-969adde16df5","created":"2026-05-07T13:41:00.000Z","modified":"2026-05-07T13:41:00.000Z","valid_from":"2026-05-07T13:41:00.000Z","name":"0312e58fec7c03fdaad929333743be36d77fceaf394ebb42a3110ff0269a9448","description":"IOC reported by @FarghlyMal on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '0312e58fec7c03fdaad929333743be36d77fceaf394ebb42a3110ff0269a9448']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FarghlyMal/status/2052383355962810740"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0bfe21bb-4517-57df-8bb4-f85866a0a62b","created":"2026-05-07T13:41:00.000Z","modified":"2026-05-07T13:41:00.000Z","valid_from":"2026-05-07T13:41:00.000Z","name":"8dd7d6472771db5b82cfc87adcb03b303fcd8f16462700ce6ff63f3d935348d9","description":"IOC reported by @FarghlyMal on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8dd7d6472771db5b82cfc87adcb03b303fcd8f16462700ce6ff63f3d935348d9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/FarghlyMal/status/2052383355962810740"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--411c4adf-b52e-5fec-ac18-4bef0f9e6b0e","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://149.50.98.23","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://149.50.98.23']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a54d65ad-4e6f-57ab-b6f6-eb6ab334249e","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://31.59.20.176","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://31.59.20.176']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd9a928f-6d43-5876-b05b-18594227bcb9","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://72.10.171.250","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://72.10.171.250']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa9945d7-c538-5c6c-8ce2-5ef0bda85a3b","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"posthq.co","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'posthq.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0da5747-ad96-5f8f-affd-d7f6dd94e0ef","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://posthq.co","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://posthq.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae3366c7-65a6-53e9-a56b-34c2287b490a","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"mailnex.co","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mailnex.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--507eb010-7458-50c6-adaa-4de6cf43c3bb","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://mailnex.co","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mailnex.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b418eb83-7090-5c0a-9338-5459346d7b9e","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"linxecp.co","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'linxecp.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5fd3d03-7a68-50fa-a7fe-ea8062c76024","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://linxecp.co","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://linxecp.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--624b61a8-b187-527f-93da-579c0507bf83","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"sendcue.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sendcue.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--32429a05-b099-5073-9fed-479e26e58a38","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://sendcue.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sendcue.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--70c67348-3de0-576c-90f9-bc4c72200815","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"nexapost.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nexapost.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fef8fdb5-9a36-5206-be76-733f60742985","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://nexapost.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nexapost.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--799b8f0f-d1c4-5433-bc8a-4210265d9244","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"sendvio.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sendvio.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--36b367cc-92de-504f-8635-e4923e37bc48","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://sendvio.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sendvio.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccaff0c3-c850-5f16-89a9-f8460befb507","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"beacontx.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'beacontx.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f296bf00-bf45-5d62-b08b-c95dad07c2dd","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://beacontx.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://beacontx.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7b93929-6e32-58e3-959c-a4fb28c1300c","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"patrived.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'patrived.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c52c43a7-7fbc-59c0-832b-600cf9262f8c","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://patrived.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://patrived.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dcccc39c-3dcb-52a2-b305-50c7cef6c68b","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"hcmsg.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hcmsg.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d16cec7d-caa4-5318-98f9-94e5f684295d","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://hcmsg.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hcmsg.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--09496d5f-2583-579a-a17b-a9e81a318bff","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"trmtx.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trmtx.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0695a1b-fb95-5715-a4a9-4bd82ed4b4c7","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://trmtx.online","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trmtx.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--38c5db07-3e99-5ebe-8032-2616667faa04","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"postrio.site","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'postrio.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--46b973d1-21e8-5cf0-8dd4-dddb10d4010c","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://postrio.site","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://postrio.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--98df75b6-b3bc-54ca-bc0d-9228be424034","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"timxte.site","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'timxte.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--227c0b7c-5105-5211-9243-e5ae2f37900d","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://timxte.site","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://timxte.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c24e0d5-4eca-5ab4-a737-7653e983ce97","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"medmsg.site","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'medmsg.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a7a5e63-4c02-5b18-89af-81ec80f410c9","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"http://medmsg.site","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://medmsg.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--098fd0e1-8874-55f9-b4c6-b8fe14d05e75","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"149.50.98.23","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '149.50.98.23']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6759f457-c6b3-5e6f-a06c-28d7761ea4a9","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"31.59.20.176","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.59.20.176']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a9f0286-5abb-5d4c-a4a0-139f1b50c7a3","created":"2026-05-07T14:01:00.000Z","modified":"2026-05-07T14:01:00.000Z","valid_from":"2026-05-07T14:01:00.000Z","name":"72.10.171.250","description":"IOC reported by @ctrlaltintel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '72.10.171.250']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ctrlaltintel/status/2052388293111591230"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb575245-6119-51dd-9fe4-2e18ae0f9235","created":"2026-05-07T15:03:00.000Z","modified":"2026-05-07T15:03:00.000Z","valid_from":"2026-05-07T15:03:00.000Z","name":"illinois.gov-xkqp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'illinois.gov-xkqp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052404001090437362"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e25b6a75-ae45-560d-acdc-c462ffacfbc8","created":"2026-05-07T15:03:00.000Z","modified":"2026-05-07T15:03:00.000Z","valid_from":"2026-05-07T15:03:00.000Z","name":"http://illinois.gov-xkqp.help","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://illinois.gov-xkqp.help']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052404001090437362"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d83c258-66e3-53be-ab49-cf3980bb0027","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"1pass.md","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '1pass.md']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4958bfbd-47c0-5d7b-8e3e-cd87f1c73c18","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://1pass.md","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://1pass.md']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1bc9c31e-a868-5d78-a9b9-45ee1f742004","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"nordpass.to","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nordpass.to']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--24027de3-9b3c-53cc-b645-5818895c2414","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://nordpass.to","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nordpass.to']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1434fe72-ff5e-5694-9616-c6435bec482a","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"nordpas.at","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nordpas.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d5a9033-ffc0-5fec-a89f-9e577434ebb1","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://nordpas.at","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nordpas.at']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b329483-4dc0-5b54-a8a9-e65046cd1f76","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"apx-broadord.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'apx-broadord.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--05053d4c-9c89-52f2-af47-1f489a96198d","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://apx-broadord.com/login.php","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://apx-broadord.com/login.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc1cc905-a1e3-55e9-9aa5-7d3c619f3e13","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://apx-broadord.com/utm.php","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://apx-broadord.com/utm.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e33fc5b-7cdf-5faf-90a0-74fe74dcb7ec","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"vaci-cloud.b-cdn.net","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vaci-cloud.b-cdn.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8fd71bc-ed2e-5129-9c47-c9b3989dc1ea","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://vaci-cloud.b-cdn.net/Peton.zip","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vaci-cloud.b-cdn.net/Peton.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c88e9ef-02c0-59da-afe3-7e4da0914686","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"novayastaruxa.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'novayastaruxa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--262e77b6-ee25-59de-b242-350385ad4153","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://novayastaruxa.com","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://novayastaruxa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0401f59e-cf30-50eb-9509-5f25e2cd35fd","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"http://vaci-cloud.b-cdn.net/MM_SS.jar","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vaci-cloud.b-cdn.net/MM_SS.jar']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f96f7169-d888-526e-9edb-1de8f1e0e114","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"f36a0dd43a2c10a585c81b968d108fd0a43f885cf394a54b4e44221dc3724833","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f36a0dd43a2c10a585c81b968d108fd0a43f885cf394a54b4e44221dc3724833']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--57cbe84c-4e08-5cc5-9b79-5b6c4f353184","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"db77101f82d391df882509bca61b8455703c7545152c7e436bfdc34f5969daf5","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'db77101f82d391df882509bca61b8455703c7545152c7e436bfdc34f5969daf5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--82bafd70-750f-5501-b4cb-ececd9ca9a3a","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"02b507b498e280578b56974382519a5fee608208d6ad8e724032eade83bec8d9","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '02b507b498e280578b56974382519a5fee608208d6ad8e724032eade83bec8d9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4dc1bad3-72da-510e-bb55-a183c38bc20c","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"7c54bcf3aea8348e8902cac80eb0df31b43a71601a62e2514087fef40a416bfd","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7c54bcf3aea8348e8902cac80eb0df31b43a71601a62e2514087fef40a416bfd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f07f2872-b5f5-5e2a-a15e-4222e083b9f0","created":"2026-05-07T15:28:00.000Z","modified":"2026-05-07T15:28:00.000Z","valid_from":"2026-05-07T15:28:00.000Z","name":"e2109616b1c737f9cd99bd24e5832fab306722d9928a911f0420eb9c1695d9af","description":"IOC reported by @g0njxa on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e2109616b1c737f9cd99bd24e5832fab306722d9928a911f0420eb9c1695d9af']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/g0njxa/status/2052410149269020925"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--64d7e1a5-2967-5c36-bad5-56127e48a626","created":"2026-05-07T15:29:00.000Z","modified":"2026-05-07T15:29:00.000Z","valid_from":"2026-05-07T15:29:00.000Z","name":"9c9429c3e7c6082f4962d421671293c819d225299e767e723f6d425145486bb3","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '9c9429c3e7c6082f4962d421671293c819d225299e767e723f6d425145486bb3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052410625184149917"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a190767-0219-5c41-aee6-00726fda8471","created":"2026-05-07T15:29:00.000Z","modified":"2026-05-07T15:29:00.000Z","valid_from":"2026-05-07T15:29:00.000Z","name":"e8b920bfb45157633fc43d7ceba57f06fee5e44efa0915c91f337e23b8ff901f","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e8b920bfb45157633fc43d7ceba57f06fee5e44efa0915c91f337e23b8ff901f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052410625184149917"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49dc00cc-f64d-5d96-a2c2-05c94fb954da","created":"2026-05-07T15:29:00.000Z","modified":"2026-05-07T15:29:00.000Z","valid_from":"2026-05-07T15:29:00.000Z","name":"79490132a67eaeaf1e5242f3dcecced7f4b9983557b2f145a83227c9a89a92e7","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '79490132a67eaeaf1e5242f3dcecced7f4b9983557b2f145a83227c9a89a92e7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052410625184149917"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cd19d0d-6a96-51b4-b603-1753e85e357e","created":"2026-05-07T15:31:00.000Z","modified":"2026-05-07T15:31:00.000Z","valid_from":"2026-05-07T15:31:00.000Z","name":"2ae60a2143d4bb5be3ea512d9a416dca69c928e6f901dd9427e8efda2cd77597","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '2ae60a2143d4bb5be3ea512d9a416dca69c928e6f901dd9427e8efda2cd77597']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052410950452490277"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ffac95c-1eb0-5644-ac36-5ccf7a36c1ae","created":"2026-05-07T15:38:00.000Z","modified":"2026-05-07T15:38:00.000Z","valid_from":"2026-05-07T15:38:00.000Z","name":"fd648dde5aed7488f1bf49b1cbc6b3ca767933fa86e1272417ce103d71a4e257","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'fd648dde5aed7488f1bf49b1cbc6b3ca767933fa86e1272417ce103d71a4e257']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052412664458985873"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5845a121-35fc-5835-8a3b-700f902aeba1","created":"2026-05-07T15:41:00.000Z","modified":"2026-05-07T15:41:00.000Z","valid_from":"2026-05-07T15:41:00.000Z","name":"278f475b26c7d70b1b7fdff6a7da13df02172cd68cbcbf5913e4a14f6c1e84ed","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '278f475b26c7d70b1b7fdff6a7da13df02172cd68cbcbf5913e4a14f6c1e84ed']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052413410172702729"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00ab0963-6b0f-52f6-b26f-b29441ef0768","created":"2026-05-07T15:45:00.000Z","modified":"2026-05-07T15:45:00.000Z","valid_from":"2026-05-07T15:45:00.000Z","name":"e54a61ea9e40639f1ae69ad6f8718bdf773d28bffdee5f50bcd60ec2f9ca7a5a","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e54a61ea9e40639f1ae69ad6f8718bdf773d28bffdee5f50bcd60ec2f9ca7a5a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052414526931243046"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d5a6a75-7775-578b-9a51-99e6904f0ca8","created":"2026-05-07T15:51:00.000Z","modified":"2026-05-07T15:51:00.000Z","valid_from":"2026-05-07T15:51:00.000Z","name":"mensualregulaciones.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mensualregulaciones.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052415987576688896"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62866a8f-872d-55c7-bea1-98332e3f31ad","created":"2026-05-07T15:51:00.000Z","modified":"2026-05-07T15:51:00.000Z","valid_from":"2026-05-07T15:51:00.000Z","name":"https://mensualregulaciones.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mensualregulaciones.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052415987576688896"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a348a7d-af52-5c9e-be6c-b5960e6ee4e7","created":"2026-05-07T15:51:00.000Z","modified":"2026-05-07T15:51:00.000Z","valid_from":"2026-05-07T15:51:00.000Z","name":"158.94.209.90","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '158.94.209.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052415987576688896"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fad065f9-d64f-5196-bc3b-a4c2f322e29d","created":"2026-05-07T15:53:00.000Z","modified":"2026-05-07T15:53:00.000Z","valid_from":"2026-05-07T15:53:00.000Z","name":"0749c21b016062c5bd0655a7caa0864f87bddd5232aaea6eac7a29490bdcd1d7","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '0749c21b016062c5bd0655a7caa0864f87bddd5232aaea6eac7a29490bdcd1d7']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052416432953024834"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d4633c6-ba26-5ba3-a2e7-c3a561629755","created":"2026-05-07T16:00:00.000Z","modified":"2026-05-07T16:00:00.000Z","valid_from":"2026-05-07T16:00:00.000Z","name":"akhil777-j.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'akhil777-j.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052418213338656842"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--54b9874b-1b03-53df-b17c-fafbc7db639d","created":"2026-05-07T16:00:00.000Z","modified":"2026-05-07T16:00:00.000Z","valid_from":"2026-05-07T16:00:00.000Z","name":"http://akhil777-j.github.io/net_task","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://akhil777-j.github.io/net_task']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052418213338656842"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--73e4dd8c-5bf1-522c-8719-d23077d508e1","created":"2026-05-07T16:12:00.000Z","modified":"2026-05-07T16:12:00.000Z","valid_from":"2026-05-07T16:12:00.000Z","name":"513d597d991131f1657ed6df3324263a6230e889746cdcd40a061d0bd4ee54d8","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '513d597d991131f1657ed6df3324263a6230e889746cdcd40a061d0bd4ee54d8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052421277000880196"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d7dbfa8-d848-53f9-9097-2888ac5f7f81","created":"2026-05-07T16:23:00.000Z","modified":"2026-05-07T16:23:00.000Z","valid_from":"2026-05-07T16:23:00.000Z","name":"aeef89818b2212a0b7154eaad28183120ae2a7b90a553b5f4354cd1d7a010598","description":"IOC reported by @akudryk007 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'aeef89818b2212a0b7154eaad28183120ae2a7b90a553b5f4354cd1d7a010598']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/akudryk007/status/2052423999187980292"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5614ddee-afdc-5756-aab5-b9112028180f","created":"2026-05-07T17:25:00.000Z","modified":"2026-05-07T17:25:00.000Z","valid_from":"2026-05-07T17:25:00.000Z","name":"greanworld.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'greanworld.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052439627202699636"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6343859-d8b7-5cdd-91fe-d5e5fe78f353","created":"2026-05-07T17:25:00.000Z","modified":"2026-05-07T17:25:00.000Z","valid_from":"2026-05-07T17:25:00.000Z","name":"https://greanworld.com/operationfinallyhome/complete.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://greanworld.com/operationfinallyhome/complete.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052439627202699636"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2b4ce61-d28c-5b1f-bc32-b7915720031c","created":"2026-05-07T17:25:00.000Z","modified":"2026-05-07T17:25:00.000Z","valid_from":"2026-05-07T17:25:00.000Z","name":"https://greanworld.com/operationfinallyhome/download.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://greanworld.com/operationfinallyhome/download.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052439627202699636"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1070ddfa-4924-5e56-af30-6e8186707b7a","created":"2026-05-07T17:25:00.000Z","modified":"2026-05-07T17:25:00.000Z","valid_from":"2026-05-07T17:25:00.000Z","name":"f182192ca39d692c2920b75c85378ff7d7b4aabb91c3486cf113a6dbe76b05ab","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f182192ca39d692c2920b75c85378ff7d7b4aabb91c3486cf113a6dbe76b05ab']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052439627202699636"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3e41399-7cfe-5685-b65c-cd26e0329bdf","created":"2026-05-07T18:00:00.000Z","modified":"2026-05-07T18:00:00.000Z","valid_from":"2026-05-07T18:00:00.000Z","name":"nid-naverhoc.onthewifi.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-naverhoc.onthewifi.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052448393180729577"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a2e21c5-3b9e-5abd-a36a-e31250b9ab9e","created":"2026-05-07T18:00:00.000Z","modified":"2026-05-07T18:00:00.000Z","valid_from":"2026-05-07T18:00:00.000Z","name":"http://nid-naverhoc.onthewifi.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-naverhoc.onthewifi.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052448393180729577"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb6d949-690e-570f-9326-f47d4e3ea1f8","created":"2026-05-07T18:00:00.000Z","modified":"2026-05-07T18:00:00.000Z","valid_from":"2026-05-07T18:00:00.000Z","name":"http://27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052448393180729577"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41e64fd-bb60-5e1c-a8ea-f62b098b645e","created":"2026-05-07T18:00:00.000Z","modified":"2026-05-07T18:00:00.000Z","valid_from":"2026-05-07T18:00:00.000Z","name":"27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052448393180729577"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--018cf068-df22-583c-981a-4f877a5aaa65","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"23.32.23.32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '23.32.23.32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f513242-dcd0-53c9-82c0-0c5e5268dc9b","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"http://23.32.23.32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://23.32.23.32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1dd7a7b-6594-5b9b-b1f0-06d2738d5d59","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"23.32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '23.32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ee5a035-48b2-5424-935c-047ecb58c9e1","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"http://23.32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://23.32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f0631d1-8bb3-5da1-bba9-ff54e068b036","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"32.23.32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '32.23.32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b67219c6-83b2-53f0-83fc-e3e193be1c7c","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"http://32.23.32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://32.23.32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8495440-4345-5790-9ce1-07438bc42abb","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eabfd0ef-8489-5820-a5cb-c060118d0f07","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"http://32.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://32.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0fdd732-4d69-5bb0-8cef-56bb44d78255","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f225864b-8f7f-51ee-9103-3a5eedb5f31b","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"http://nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--459f1f3d-9440-56be-acb6-ada9f4ab200f","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"check.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'check.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--252a3629-7a60-5dce-bb8c-38dd704ec809","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"http://check.nid-log.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://check.nid-log.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf245c4c-1e34-5e28-a65f-f917f91d3ec0","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"http://123.58.200.216","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://123.58.200.216']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3498dc45-c790-5028-aac1-338478067744","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"123.58.200.216","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '123.58.200.216']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ddb7394-67b2-5e7a-9ecd-78aa7db24a00","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"0ac44ad9cfbc58ed76415f7bc79239f9","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '0ac44ad9cfbc58ed76415f7bc79239f9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6278bf2-5581-50db-8ffc-e105f0be83a0","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"08815400eb034d0c760d031e735bd392","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '08815400eb034d0c760d031e735bd392']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27313abf-b330-5a4f-8c3c-576931e9eb41","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"6d03fd0b89fe997408b9e9e3d5ead602","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '6d03fd0b89fe997408b9e9e3d5ead602']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--159c3e02-fbd2-57c6-b0d8-4845e73483cc","created":"2026-05-07T18:34:00.000Z","modified":"2026-05-07T18:34:00.000Z","valid_from":"2026-05-07T18:34:00.000Z","name":"6f90f6b96fe3a5b79c1935211f557a08","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '6f90f6b96fe3a5b79c1935211f557a08']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052456985321201910"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd323b21-8711-5ec6-a95b-5564aa277ce2","created":"2026-05-07T18:49:00.000Z","modified":"2026-05-07T18:49:00.000Z","valid_from":"2026-05-07T18:49:00.000Z","name":"kevinnotanother.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kevinnotanother.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052460838540202429"}],"labels":["Latrodectus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12538f50-f587-5156-aa0d-71d1dda9a893","created":"2026-05-07T18:49:00.000Z","modified":"2026-05-07T18:49:00.000Z","valid_from":"2026-05-07T18:49:00.000Z","name":"http://kevinnotanother.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kevinnotanother.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052460838540202429"}],"labels":["Latrodectus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--369962c7-412f-5efc-b45f-87801856b485","created":"2026-05-07T18:49:00.000Z","modified":"2026-05-07T18:49:00.000Z","valid_from":"2026-05-07T18:49:00.000Z","name":"http://91.92.242.198","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://91.92.242.198']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052460838540202429"}],"labels":["Latrodectus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05d55182-7a67-5108-85ec-082b216120a0","created":"2026-05-07T18:49:00.000Z","modified":"2026-05-07T18:49:00.000Z","valid_from":"2026-05-07T18:49:00.000Z","name":"91.92.242.198","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.242.198']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2052460838540202429"}],"labels":["Latrodectus"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a44d1add-736b-5259-a436-16739f9fe058","created":"2026-05-07T19:18:00.000Z","modified":"2026-05-07T19:18:00.000Z","valid_from":"2026-05-07T19:18:00.000Z","name":"f7cqhx2ygpj-voicemsgmp3listen.vvgggvoicee.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'f7cqhx2ygpj-voicemsgmp3listen.vvgggvoicee.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052468128341451212"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0bd7b4e9-063a-5325-81aa-549fa677a001","created":"2026-05-07T19:18:00.000Z","modified":"2026-05-07T19:18:00.000Z","valid_from":"2026-05-07T19:18:00.000Z","name":"http://f7cqhx2ygpj-voicemsgmp3listen.vvgggvoicee.com/5ecdb3fb0123c33384d6ef916f46f4e1/","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://f7cqhx2ygpj-voicemsgmp3listen.vvgggvoicee.com/5ecdb3fb0123c33384d6ef916f46f4e1/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052468128341451212"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a36ae3ac-517e-530a-adcc-9f1b00512298","created":"2026-05-07T19:18:00.000Z","modified":"2026-05-07T19:18:00.000Z","valid_from":"2026-05-07T19:18:00.000Z","name":"ec15z.gootrtyyy.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ec15z.gootrtyyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049568997407072720"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93df4948-ad27-5934-8a90-b0d6ff38dba2","created":"2026-05-07T19:18:00.000Z","modified":"2026-05-07T19:18:00.000Z","valid_from":"2026-05-07T19:18:00.000Z","name":"http://ec15z.gootrtyyy.com/kolp/?error=interaction_required&error_description=Session+information+is+not+sufficient+for+single-sign-on","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ec15z.gootrtyyy.com/kolp/?error=interaction_required&error_description=Session+information+is+not+sufficient+for+single-sign-on']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049568997407072720"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20e6139e-f450-58f4-89fe-d29cc44945b7","created":"2026-05-07T19:18:00.000Z","modified":"2026-05-07T19:18:00.000Z","valid_from":"2026-05-07T19:18:00.000Z","name":"bnlv027hoet-voicemsgmp3listen.voiceggffty.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bnlv027hoet-voicemsgmp3listen.voiceggffty.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049568997407072720"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41a08ea5-2f06-59fc-824f-2339f4902295","created":"2026-05-07T19:18:00.000Z","modified":"2026-05-07T19:18:00.000Z","valid_from":"2026-05-07T19:18:00.000Z","name":"http://bnlv027hoet-voicemsgmp3listen.voiceggffty.com/ecaa6f7e8cf30101e156b9a206a108c2/","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bnlv027hoet-voicemsgmp3listen.voiceggffty.com/ecaa6f7e8cf30101e156b9a206a108c2/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2049568997407072720"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40cd783c-54f7-50f5-b977-06b39e44e280","created":"2026-05-07T20:52:00.000Z","modified":"2026-05-07T20:52:00.000Z","valid_from":"2026-05-07T20:52:00.000Z","name":"netflix-clone-topaz-kappa.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netflix-clone-topaz-kappa.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052491761038065714"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d41ec59-dee2-5a4f-bcf6-63a1282d0353","created":"2026-05-07T20:52:00.000Z","modified":"2026-05-07T20:52:00.000Z","valid_from":"2026-05-07T20:52:00.000Z","name":"http://netflix-clone-topaz-kappa.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://netflix-clone-topaz-kappa.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052491761038065714"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d346cf3-ff7b-51ed-a156-9a229855c9b2","created":"2026-05-07T21:05:00.000Z","modified":"2026-05-07T21:05:00.000Z","valid_from":"2026-05-07T21:05:00.000Z","name":"6d979466596978ffcb633a0b8c47adedd0778555c0e513fc3d3c84bcef6f036b","description":"IOC reported by @L0Psec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '6d979466596978ffcb633a0b8c47adedd0778555c0e513fc3d3c84bcef6f036b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/L0Psec/status/2052494971563909504"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0362eded-240d-58dc-9f0d-6b00b9147242","created":"2026-05-07T21:25:00.000Z","modified":"2026-05-07T21:25:00.000Z","valid_from":"2026-05-07T21:25:00.000Z","name":"mmmm2026.direct.quickconnect.to","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mmmm2026.direct.quickconnect.to']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052500005563334937"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf6400fc-14f5-51f1-8323-c2c49a90e681","created":"2026-05-07T21:25:00.000Z","modified":"2026-05-07T21:25:00.000Z","valid_from":"2026-05-07T21:25:00.000Z","name":"http://mmmm2026.direct.quickconnect.to","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mmmm2026.direct.quickconnect.to']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052500005563334937"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--085e474a-c07f-5f5a-8312-a6417d790bb3","created":"2026-05-07T21:25:00.000Z","modified":"2026-05-07T21:25:00.000Z","valid_from":"2026-05-07T21:25:00.000Z","name":"http://194.33.45.107","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://194.33.45.107']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052500005563334937"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f92daa71-ecb8-52d1-8eab-65e0c07ba9df","created":"2026-05-07T21:25:00.000Z","modified":"2026-05-07T21:25:00.000Z","valid_from":"2026-05-07T21:25:00.000Z","name":"194.33.45.107","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '194.33.45.107']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052500005563334937"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--19f01719-322d-5f7b-a83c-92aae7c06bab","created":"2026-05-07T22:00:00.000Z","modified":"2026-05-07T22:00:00.000Z","valid_from":"2026-05-07T22:00:00.000Z","name":"zestimate.wixsite.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zestimate.wixsite.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052508806513365107"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6b7659a-bb66-5823-9005-9aee0ed0060e","created":"2026-05-07T22:00:00.000Z","modified":"2026-05-07T22:00:00.000Z","valid_from":"2026-05-07T22:00:00.000Z","name":"https://zestimate.wixsite.com/earthlink","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zestimate.wixsite.com/earthlink']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052508806513365107"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7744439-94bb-5bc1-968d-8c026e1eb228","created":"2026-05-07T22:00:00.000Z","modified":"2026-05-07T22:00:00.000Z","valid_from":"2026-05-07T22:00:00.000Z","name":"digitales-net.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'digitales-net.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052508780382818680"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--430be764-241c-507e-b564-385c4b196a9d","created":"2026-05-07T22:00:00.000Z","modified":"2026-05-07T22:00:00.000Z","valid_from":"2026-05-07T22:00:00.000Z","name":"https://digitales-net.online","description":"IOC reported by @Merlax_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://digitales-net.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Merlax_/status/2052508780382818680"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2238e342-f1b9-547f-a203-95b2ab6b202d","created":"2026-05-07T22:29:00.000Z","modified":"2026-05-07T22:29:00.000Z","valid_from":"2026-05-07T22:29:00.000Z","name":"login.officecloud24.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.officecloud24.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052516072432033926"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7241210a-d152-5fc6-ad25-3a2ffc89381e","created":"2026-05-07T22:29:00.000Z","modified":"2026-05-07T22:29:00.000Z","valid_from":"2026-05-07T22:29:00.000Z","name":"https://login.officecloud24.com/login.html","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.officecloud24.com/login.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052516072432033926"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--026a0899-50c2-5371-80ec-9d7e435bc32f","created":"2026-05-07T22:29:00.000Z","modified":"2026-05-07T22:29:00.000Z","valid_from":"2026-05-07T22:29:00.000Z","name":"94.152.11.118","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.152.11.118']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052516072432033926"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--007e7832-64dd-5ba3-80a6-4316a15e347d","created":"2026-05-08T00:00:00.000Z","modified":"2026-05-08T00:00:00.000Z","valid_from":"2026-05-08T00:00:00.000Z","name":"month-gasoline-seasoned.heyflow.site","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'month-gasoline-seasoned.heyflow.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052539040868536427"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6802659f-7cbc-5b7f-8b8d-76a3ce8385d7","created":"2026-05-08T00:00:00.000Z","modified":"2026-05-08T00:00:00.000Z","valid_from":"2026-05-08T00:00:00.000Z","name":"http://month-gasoline-seasoned.heyflow.site/at_t-mail-12260c","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://month-gasoline-seasoned.heyflow.site/at_t-mail-12260c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052539040868536427"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--487d0c69-b737-5b39-913c-147af59d1070","created":"2026-05-08T00:10:00.000Z","modified":"2026-05-08T00:10:00.000Z","valid_from":"2026-05-08T00:10:00.000Z","name":"137.220.152.149","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '137.220.152.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2052541600086270051"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--95281413-4a50-50c6-bb65-c67e183a814c","created":"2026-05-08T00:56:00.000Z","modified":"2026-05-08T00:56:00.000Z","valid_from":"2026-05-08T00:56:00.000Z","name":"ipi4tiumgzjsym6pyuzrfqrtwskokxokqannmd6sa24shvr7x5kxdvqd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ipi4tiumgzjsym6pyuzrfqrtwskokxokqannmd6sa24shvr7x5kxdvqd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553275908690198"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--056411a5-8e7a-5794-be66-bede90b5a09e","created":"2026-05-08T00:56:00.000Z","modified":"2026-05-08T00:56:00.000Z","valid_from":"2026-05-08T00:56:00.000Z","name":"http://ipi4tiumgzjsym6pyuzrfqrtwskokxokqannmd6sa24shvr7x5kxdvqd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipi4tiumgzjsym6pyuzrfqrtwskokxokqannmd6sa24shvr7x5kxdvqd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553275908690198"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f613820-75e9-5f25-922b-d7159c4339c5","created":"2026-05-08T00:56:00.000Z","modified":"2026-05-08T00:56:00.000Z","valid_from":"2026-05-08T00:56:00.000Z","name":"j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553275908690198"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b33de762-b37d-56c8-b007-fa246339152c","created":"2026-05-08T00:56:00.000Z","modified":"2026-05-08T00:56:00.000Z","valid_from":"2026-05-08T00:56:00.000Z","name":"http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j75o7xvvsm4lpsjhkjvb4wl2q6ajegvabe6oswthuaubbykk4xkzgpid.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553275908690198"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f98e3f7-c98f-5456-b7e8-3a148723b54d","created":"2026-05-08T00:56:00.000Z","modified":"2026-05-08T00:56:00.000Z","valid_from":"2026-05-08T00:56:00.000Z","name":"k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553275908690198"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5f3d36d-a0f3-5cd7-acde-851d874b65e3","created":"2026-05-08T00:56:00.000Z","modified":"2026-05-08T00:56:00.000Z","valid_from":"2026-05-08T00:56:00.000Z","name":"http://k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://k7kg3jqxang3wh7hnmaiokchk7qoebupfgoik6rha6mjpzwupwtj25yd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553275908690198"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd1bb8e1-59b9-5e2d-9cc0-f2ed402e501c","created":"2026-05-08T00:57:00.000Z","modified":"2026-05-08T00:57:00.000Z","valid_from":"2026-05-08T00:57:00.000Z","name":"mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553475968708682"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e9ebff1-a571-5c56-a4d1-7fb4dd23dd65","created":"2026-05-08T00:57:00.000Z","modified":"2026-05-08T00:57:00.000Z","valid_from":"2026-05-08T00:57:00.000Z","name":"http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052553475968708682"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f462d5c5-c6db-5553-adae-7b8af155eb64","created":"2026-05-08T00:58:00.000Z","modified":"2026-05-08T00:58:00.000Z","valid_from":"2026-05-08T00:58:00.000Z","name":"http://104.245.245.50:5000","description":"IOC reported by @johnk3r on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.245.245.50:5000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/johnk3r/status/2052553712803959225"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b341635-c2f6-5d93-b777-1bf207f46564","created":"2026-05-08T00:58:00.000Z","modified":"2026-05-08T00:58:00.000Z","valid_from":"2026-05-08T00:58:00.000Z","name":"104.245.245.50","description":"IOC reported by @johnk3r on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.245.245.50']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/johnk3r/status/2052553712803959225"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa5c6a10-1326-5f01-b8a1-876fffcbe66b","created":"2026-05-08T01:40:00.000Z","modified":"2026-05-08T01:40:00.000Z","valid_from":"2026-05-08T01:40:00.000Z","name":"5a1c14335d0a8b007ff2813e6ef738e8836be38257cc82fe03c02b71d71e1b01","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5a1c14335d0a8b007ff2813e6ef738e8836be38257cc82fe03c02b71d71e1b01']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2012236014253662296"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--93b651fc-71ac-52da-8859-8c6a00170fd4","created":"2026-05-08T02:00:00.000Z","modified":"2026-05-08T02:00:00.000Z","valid_from":"2026-05-08T02:00:00.000Z","name":"wweebbbddeee.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wweebbbddeee.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052569206852301013"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0dd85f73-6542-5cdc-b772-018a677cf4c8","created":"2026-05-08T02:00:00.000Z","modified":"2026-05-08T02:00:00.000Z","valid_from":"2026-05-08T02:00:00.000Z","name":"https://wweebbbddeee.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wweebbbddeee.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052569206852301013"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--301d94d0-1bba-5f64-a11c-14896f789222","created":"2026-05-08T03:52:00.000Z","modified":"2026-05-08T03:52:00.000Z","valid_from":"2026-05-08T03:52:00.000Z","name":"horizonteconsult.com.br","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'horizonteconsult.com.br']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052597598436126731"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84b87a69-86d8-5d9a-a696-85ba5b48146c","created":"2026-05-08T03:52:00.000Z","modified":"2026-05-08T03:52:00.000Z","valid_from":"2026-05-08T03:52:00.000Z","name":"http://horizonteconsult.com.br/adobe/download.html","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://horizonteconsult.com.br/adobe/download.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052597598436126731"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94a898d5-4a72-5377-9d01-2d8f2730def4","created":"2026-05-08T03:52:00.000Z","modified":"2026-05-08T03:52:00.000Z","valid_from":"2026-05-08T03:52:00.000Z","name":"http://horizonteconsult.com.br/adobe/complete.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://horizonteconsult.com.br/adobe/complete.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052597598436126731"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f25dd1a8-4c35-5277-8936-0320775f9244","created":"2026-05-08T03:52:00.000Z","modified":"2026-05-08T03:52:00.000Z","valid_from":"2026-05-08T03:52:00.000Z","name":"https://horizonteconsult.com.br/adobe/download.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://horizonteconsult.com.br/adobe/download.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052597598436126731"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2a97c71-2ad5-507f-8de2-b021d2f4c94d","created":"2026-05-08T03:52:00.000Z","modified":"2026-05-08T03:52:00.000Z","valid_from":"2026-05-08T03:52:00.000Z","name":"1706da372629c3e4e840eedd50ee85480105d9bd615c42119ad2638b1751b432","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '1706da372629c3e4e840eedd50ee85480105d9bd615c42119ad2638b1751b432']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052597598436126731"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--95780ad6-a7bf-572c-b69a-1bf261b7a4f8","created":"2026-05-08T04:00:00.000Z","modified":"2026-05-08T04:00:00.000Z","valid_from":"2026-05-08T04:00:00.000Z","name":"app.qpointsurvey.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'app.qpointsurvey.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052599428700115372"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28fd0831-c5ec-5b4b-b12f-ff1234143e27","created":"2026-05-08T04:00:00.000Z","modified":"2026-05-08T04:00:00.000Z","valid_from":"2026-05-08T04:00:00.000Z","name":"http://app.qpointsurvey.com/s/vjmotsuhuve7al3c","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://app.qpointsurvey.com/s/vjmotsuhuve7al3c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052599428700115372"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c13e2770-cf00-5762-bed8-227539172288","created":"2026-05-08T04:08:00.000Z","modified":"2026-05-08T04:08:00.000Z","valid_from":"2026-05-08T04:08:00.000Z","name":"fontem.org","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fontem.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052601573352599901"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d4cebf4-bf49-5383-8124-3cc7565574ae","created":"2026-05-08T04:08:00.000Z","modified":"2026-05-08T04:08:00.000Z","valid_from":"2026-05-08T04:08:00.000Z","name":"https://fontem.org/wp-admin/Advisor_Share_Wealth_Management/download.html","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://fontem.org/wp-admin/Advisor_Share_Wealth_Management/download.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052601573352599901"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--baca8cfd-9867-53e2-bed0-e5a4716ad4f6","created":"2026-05-08T04:08:00.000Z","modified":"2026-05-08T04:08:00.000Z","valid_from":"2026-05-08T04:08:00.000Z","name":"https://fontem.org/wp-admin/Advisor_Share_Wealth_Management/complete.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://fontem.org/wp-admin/Advisor_Share_Wealth_Management/complete.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052601573352599901"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c831ba2d-7b17-59eb-a2d1-74097d58c18d","created":"2026-05-08T04:08:00.000Z","modified":"2026-05-08T04:08:00.000Z","valid_from":"2026-05-08T04:08:00.000Z","name":"https://fontem.org/wp-admin/Advisor_Share_Wealth_Management/download.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://fontem.org/wp-admin/Advisor_Share_Wealth_Management/download.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052601573352599901"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c23c078f-abf0-5f81-8304-a6b988f0815c","created":"2026-05-08T04:08:00.000Z","modified":"2026-05-08T04:08:00.000Z","valid_from":"2026-05-08T04:08:00.000Z","name":"remote.wrightliggh.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'remote.wrightliggh.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052601573352599901"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5749177-7dfe-5760-87e7-2a2cc531883e","created":"2026-05-08T04:08:00.000Z","modified":"2026-05-08T04:08:00.000Z","valid_from":"2026-05-08T04:08:00.000Z","name":"http://remote.wrightliggh.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://remote.wrightliggh.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052601573352599901"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--965d9cbf-6c4a-5d45-87bc-548b042b62b9","created":"2026-05-08T04:08:00.000Z","modified":"2026-05-08T04:08:00.000Z","valid_from":"2026-05-08T04:08:00.000Z","name":"c143e4e66d3d0de754da401c34f0039eab71860b0f5d2d6227b8021677de9c4d","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c143e4e66d3d0de754da401c34f0039eab71860b0f5d2d6227b8021677de9c4d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052601573352599901"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8fa8f5b-6a94-52e0-9ba1-6b314234507f","created":"2026-05-08T04:48:00.000Z","modified":"2026-05-08T04:48:00.000Z","valid_from":"2026-05-08T04:48:00.000Z","name":"nmohtdt.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmohtdt.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052611597923975190"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1ed60f8-f73d-5700-9928-537ec60edb1a","created":"2026-05-08T04:48:00.000Z","modified":"2026-05-08T04:48:00.000Z","valid_from":"2026-05-08T04:48:00.000Z","name":"https://nmohtdt.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nmohtdt.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052611597923975190"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d22055a4-01af-5652-94d7-de78d8f33ae7","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnkd.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnkd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b7872b4-678d-5059-bece-778444c4d64d","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnkd.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnkd.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--19278419-b7ab-5e49-b179-d9dbac19fbce","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnkc.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnkc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7975b05e-2d86-5e06-8032-9110648de02f","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnkc.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnkc.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--53469ff9-bc3b-5557-b5b7-bfe654061884","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnke.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnke.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c4b0742-9f1e-569a-b8df-a820533123f5","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnke.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnke.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1e26d74-5d58-5bea-91a5-a5507cfcb923","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnki.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnki.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d2f7b58-dba6-559c-af25-69e6262f64ab","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnki.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnki.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--81e1a7a7-1b4f-538a-ac43-25053e278d5d","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnkj.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnkj.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd1117b3-13ad-55d1-a663-00b550bb8da7","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnkj.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnkj.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e035bfc-7da4-56d6-ae9f-a58718995c6b","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnkh.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnkh.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--62d6d8bf-a571-5c8c-b075-08b1b5a05cfc","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnkh.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnkh.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--23c21d9a-97b1-5353-9a8e-6253c0ed920a","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnkf.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnkf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c3ee2db-6d87-57cb-8559-3c4836fbe026","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnkf.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnkf.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c57282f-a4bf-5159-8584-b2333c7c9b66","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnkg.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnkg.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4c1b0e2-3bf5-592f-b162-03c01e7dd0ca","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnkg.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnkg.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--994eb8cd-3514-5108-8c8c-d87148a4784a","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnkb.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnkb.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--44c89e41-27df-5208-b7ed-831c4c61e682","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnkb.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnkb.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ae24bb6-d616-5eef-b81d-720590f3519b","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"ashikagb-bnnka.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashikagb-bnnka.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0226037-d760-5783-b226-89151c500fa2","created":"2026-05-08T05:14:00.000Z","modified":"2026-05-08T05:14:00.000Z","valid_from":"2026-05-08T05:14:00.000Z","name":"https://ashikagb-bnnka.com/pages/db/dbca0100/input/clientviews/CCT0080=0120","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ashikagb-bnnka.com/pages/db/dbca0100/input/clientviews/CCT0080=0120']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052618235368112422"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--983cc3a5-3e3e-559b-aaa6-5f7b4fa96708","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"jppost--japan.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jppost--japan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccde2f50-9e3a-53b9-b387-88b663b9b8e5","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"https://jppost--japan.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jppost--japan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d380c24-f217-5c02-a884-fff6efc220a0","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"japan--postjp.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'japan--postjp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a53bfb9-c0d5-56e5-9d2f-0f4fff0e3f09","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"https://japan--postjp.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://japan--postjp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6045563d-d973-54ce-80e2-36b5692a021e","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"post--japanpost.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'post--japanpost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--735ae1ef-b3f3-5719-82c5-28a78f7a41b9","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"https://post--japanpost.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://post--japanpost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--65b29417-db53-57e5-b3ec-d2466f0f4692","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"post--jppost.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'post--jppost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--405f35e4-4010-5fb4-b253-9c396f8523d4","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"https://post--jppost.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://post--jppost.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7310162a-f986-5d1e-8127-1f17d677f0e6","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"japan--post.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'japan--post.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--76ee86ca-a77c-5356-9823-0299a291fdd7","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"https://japan--post.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://japan--post.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb65aa6a-1e91-56e1-ad8e-b06d39704eea","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"post--japan.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'post--japan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca054ab8-7bd0-5d65-b1a9-e2b31505f2ff","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"https://post--japan.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://post--japan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--dcec9562-e5b4-5ef0-8b63-2f6b3befe24d","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"jppost-postjapan.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jppost-postjapan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d1969fd-a309-53b8-88ef-d919fb0c5100","created":"2026-05-08T05:21:00.000Z","modified":"2026-05-08T05:21:00.000Z","valid_from":"2026-05-08T05:21:00.000Z","name":"https://jppost-postjapan.com","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jppost-postjapan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052619864611954981"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7718846-9507-511f-a1f1-b42c0cbb8fce","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"31.56.209.77","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.56.209.77']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bdaf8551-bdd5-5348-9074-c56bb44f5e4e","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"31.56.209.82","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.56.209.82']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9f658df-21db-5802-8be6-78a2e2d1d37f","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"31.57.184.187","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.57.184.187']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d57fd10-9441-5766-9b29-3b035dd1ebba","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"45.9.168.220","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.9.168.220']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27eb505d-5932-593a-aaba-dc7c4bc35a7c","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"45.74.19.149","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.74.19.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d7164c7-f034-5eb0-a0f4-99c118bb36e5","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"46.183.223.21","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '46.183.223.21']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5d268a9-bf80-5454-827d-f62482f344bd","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"54.37.128.55","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '54.37.128.55']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--565599b4-6b38-5a99-84d5-2e1154332ef6","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"77.83.39.212","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.83.39.212']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df8651d3-d48a-5d3d-aa06-131e0156fc15","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"84.247.142.79","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '84.247.142.79']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40c94fe6-fefb-5428-a7b1-3b0296da3e79","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"104.168.5.25","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.168.5.25']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7a091cc-6849-568a-8101-7ce76589a7b1","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"130.12.181.93","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '130.12.181.93']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae4f6e15-2a6f-5da5-afa2-3e2c12d4535b","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"146.70.244.90","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '146.70.244.90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0390e0d3-e668-566c-a029-bdb00786e670","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"149.33.34.27","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '149.33.34.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99ec3f79-b4fd-586b-8a00-47bbac1cd73e","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"192.227.219.75","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.227.219.75']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052622420222091620"}],"labels":["RAT","Remcos"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e8dab93-fefe-566c-8adb-ed4f50f6b28b","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"ashrafreda.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ashrafreda.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bb0ee3d-2380-5713-923b-d59b241b29f5","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://ashrafreda.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ashrafreda.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0f6f247-9436-5180-9f26-f3519ed2d019","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"atomicurl.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'atomicurl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41f036a1-4bd5-53ea-8ba3-1cd4e4ae3168","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://atomicurl.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://atomicurl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25e312c0-e641-5a53-98df-f1030260f873","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"voice0356.us","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'voice0356.us']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdc90006-2f08-5cfa-adda-89d6cc04c0de","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://voice0356.us","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://voice0356.us']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47056586-b1db-5c67-9d15-77c7888af6b7","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"techformulagrayfellowshipinvestments.tvwpotalsources.vu","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'techformulagrayfellowshipinvestments.tvwpotalsources.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--944947e0-bfcf-5207-9321-fbd94e2d2dee","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://techformulagrayfellowshipinvestments.tvwpotalsources.vu","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://techformulagrayfellowshipinvestments.tvwpotalsources.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b7572d0-565c-5f69-bb1c-f8326d27f695","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"easywaytech.co.ke","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'easywaytech.co.ke']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3660602-48fb-5b24-86e9-9ff8d7a3ee37","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://easywaytech.co.ke","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://easywaytech.co.ke']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf553ac7-ac1a-5a20-abcb-42d8b4bed554","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"enthusiastic-secure-link-go.base44.app","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'enthusiastic-secure-link-go.base44.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e855409-1a66-5205-95d5-9d5079ade935","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://enthusiastic-secure-link-go.base44.app","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://enthusiastic-secure-link-go.base44.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4ea0ccd-8a61-5246-8800-de9e49b05243","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"freight-sync-link.base44.app","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'freight-sync-link.base44.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33fe31f1-5f38-5ad2-84aa-82086a73cc13","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://freight-sync-link.base44.app","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://freight-sync-link.base44.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fe14517-6ce7-5b29-b128-453230129a2a","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"login.yum.homes","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.yum.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe9d3897-f754-5470-b10d-1d6048f25b7e","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://login.yum.homes","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://login.yum.homes']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e43f4ade-6b05-551f-b574-ab65c3964c12","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"office.cotiviti.top","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'office.cotiviti.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce782272-19f2-5467-bd6b-bd09f4777894","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://office.cotiviti.top","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://office.cotiviti.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c28daa8-392f-593b-90dc-b734c8bcd4ba","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"hticybernetics.com.sharepoint.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hticybernetics.com.sharepoint.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a21d5bd-38cf-5483-b883-b929f9b6fb3c","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://hticybernetics.com.sharepoint.com/s/finance/Eba1","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hticybernetics.com.sharepoint.com/s/finance/Eba1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20710469-4c90-5437-bb71-752bb65574cb","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"berenzweiglaw.com.sharepoint.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'berenzweiglaw.com.sharepoint.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43dc3149-f226-5554-95ba-c770f001d1bf","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://berenzweiglaw.com.sharepoint.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://berenzweiglaw.com.sharepoint.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1d04785-c4d4-57ce-a72d-3eff6bac35a9","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"serviceamericanreprographicscompany.golkppdmansachs.vu","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'serviceamericanreprographicscompany.golkppdmansachs.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21f0d63f-d531-5b92-b439-7dbb2d6b4d5d","created":"2026-05-08T05:31:00.000Z","modified":"2026-05-08T05:31:00.000Z","valid_from":"2026-05-08T05:31:00.000Z","name":"http://serviceamericanreprographicscompany.golkppdmansachs.vu","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://serviceamericanreprographicscompany.golkppdmansachs.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2052622300416196856"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cff08707-0e23-50bc-ae4d-f5a02577e1bf","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"mudggc.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mudggc.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca098074-4e46-5df7-9472-9db8956365de","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://mudggc.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mudggc.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--79d772f5-71c4-5f79-afed-a8ebd52edf11","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"bvfcac.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bvfcac.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--49e52738-9e28-571f-bb59-71a82b19ea2f","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://bvfcac.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bvfcac.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--01afa27e-1dcc-5ce7-bb07-e9b36a786b6f","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"nbzqxe.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nbzqxe.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b5d2350-cdfe-55c1-bee7-c693dcf59c34","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://nbzqxe.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nbzqxe.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--93217519-3c02-5966-a081-a7fe399f9a2f","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"qpfhi.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qpfhi.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1c25874-53e5-5682-8d0b-372e881721a1","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://qpfhi.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qpfhi.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--557b2c01-36b8-5bae-a108-be953d27d15d","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"kenkbr.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kenkbr.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b389314-85c5-55fe-8c83-4e7c60191ddd","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://kenkbr.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://kenkbr.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea982343-577d-5f4c-ba61-b7efe09f803f","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"nezon.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nezon.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--11c06dd4-ae31-5d55-bc72-aa0029d074b3","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://nezon.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nezon.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b45c193-d5fb-5d47-b0b8-ebaba1b0dd4e","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"rfesoj.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rfesoj.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--682ea4b6-9535-511e-95ef-1fc001d265ed","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://rfesoj.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rfesoj.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5218d22-16b8-5bba-95cc-e5a9b469fb55","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"rdkifi.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rdkifi.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--27c961eb-e518-58d1-b539-631072614cc7","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://rdkifi.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rdkifi.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9bf087e-9f4b-5c53-8cff-6f9ff6e6d545","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"teubzs.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'teubzs.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c03a7886-81e3-55b7-a36c-15044b190d66","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://teubzs.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://teubzs.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e14e15d-b6bc-5026-b628-c8402c861650","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"nakyl.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nakyl.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f56ef09-5825-567a-84e8-4bd8b7675ab7","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://nakyl.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nakyl.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d42b0759-cf2b-5a52-b192-876c63a5e105","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"rlzxvii.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rlzxvii.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3dcbf6ae-e653-5074-9da0-6aa7f4cc7aba","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://rlzxvii.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rlzxvii.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9b85327-3e9c-5a4a-93a1-4188c21d9ba3","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"oabgfv.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'oabgfv.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--810d9bb3-a745-5e53-a1c3-53666c918521","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://oabgfv.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://oabgfv.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--428a7ba2-2586-5d48-a455-c957e8011056","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"jighkb.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jighkb.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--497c3299-58d4-5f84-aaf6-5c15e1a0acd1","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://jighkb.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jighkb.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f4c4036-a931-5a31-8ea1-bc2462da054a","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"lmlbjr.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lmlbjr.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--df037336-3e7a-5243-b9ee-0f6fad226e3a","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://lmlbjr.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lmlbjr.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1413306b-7165-53fd-9564-6d800b3d421a","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"gkwssi.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gkwssi.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--47777a9d-aab1-5be1-92fb-e57d9048edae","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://gkwssi.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gkwssi.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--89c02506-2dae-580e-a057-369feff3247a","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"aajrvt.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aajrvt.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b342b73-21f0-5265-a0b1-4a59854bd8c9","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://aajrvt.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://aajrvt.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e60dbcd-710a-50c1-a62c-7f03b83c4a74","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"iknsvx.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iknsvx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6623368-30b6-5580-8a6c-435a2d314370","created":"2026-05-08T05:38:00.000Z","modified":"2026-05-08T05:38:00.000Z","valid_from":"2026-05-08T05:38:00.000Z","name":"https://iknsvx.cn","description":"IOC reported by @KesaGataMe0 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://iknsvx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/KesaGataMe0/status/2052624191409770784"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd214009-d622-5898-b940-10e469817b3c","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"8.210.238.216","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.210.238.216']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--04847e17-74c5-5b8e-96f6-1d8651a018e8","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"8.222.143.232","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.222.143.232']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8651c90-1196-5a55-a20b-8222678ff11c","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"23.226.57.45","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '23.226.57.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e472494-ac2d-5698-bd88-e0e9bcb9a5c2","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"43.229.114.154","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.229.114.154']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4b3707a-7904-5630-8349-009500b0ac12","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.76.195.75","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.76.195.75']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b3f0438-651c-5823-a51d-0e3490ec19a0","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.84.32.184","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.84.32.184']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4dbab25f-ebd4-5d55-9393-40b934c0b443","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.84.203.113","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.84.203.113']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fac764d-3594-55d6-b504-a0751b2fb634","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.236.106.45","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.236.106.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--31d4b309-775d-5504-bcf4-558ff78a7b94","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.237.206.223","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.237.206.223']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d20b7c15-dd35-5e88-88d0-38f9db4657d5","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.250.88.61","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.250.88.61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d65732fb-07a2-5d6f-8b4b-1b0b36ea6be6","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.250.140.98","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.250.140.98']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--44813c70-4b06-5229-a326-c3742d113017","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.254.195.155","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.254.195.155']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--27df28cf-bd94-54ba-b762-0e8d0cc5c3ad","created":"2026-05-08T05:53:00.000Z","modified":"2026-05-08T05:53:00.000Z","valid_from":"2026-05-08T05:53:00.000Z","name":"47.254.213.50","description":"IOC reported by @K_N1kolenko on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '47.254.213.50']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/K_N1kolenko/status/2052627848687386797"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d7d3665-7f24-58ad-8d9f-925d81482b9a","created":"2026-05-08T06:01:00.000Z","modified":"2026-05-08T06:01:00.000Z","valid_from":"2026-05-08T06:01:00.000Z","name":"tecote.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tecote.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052630049288016269"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64d80aab-fcb6-55fc-852d-f8e9d9b1a382","created":"2026-05-08T06:01:00.000Z","modified":"2026-05-08T06:01:00.000Z","valid_from":"2026-05-08T06:01:00.000Z","name":"https://www.tecote.com/liopa_home/","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.tecote.com/liopa_home/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052630049288016269"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9420a90-e412-5f12-873a-02e70eac81e6","created":"2026-05-08T06:01:00.000Z","modified":"2026-05-08T06:01:00.000Z","valid_from":"2026-05-08T06:01:00.000Z","name":"https://www.tecote.com/liopa_home/download.html","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.tecote.com/liopa_home/download.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052630049288016269"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93a4f36f-83fa-5188-927a-886ddc1c932f","created":"2026-05-08T06:01:00.000Z","modified":"2026-05-08T06:01:00.000Z","valid_from":"2026-05-08T06:01:00.000Z","name":"https://www.tecote.com/liopa_home/download.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.tecote.com/liopa_home/download.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052630049288016269"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee710b8e-20dc-5e08-96ba-724e55eab5cd","created":"2026-05-08T06:01:00.000Z","modified":"2026-05-08T06:01:00.000Z","valid_from":"2026-05-08T06:01:00.000Z","name":"298f59d1f3b905563e7c5830911b11607583c0cad4a539ac4c6bdbfe4a1356c6","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '298f59d1f3b905563e7c5830911b11607583c0cad4a539ac4c6bdbfe4a1356c6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2052630049288016269"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b3d37ae-7e87-5e44-9ae0-46aa2b3910b4","created":"2026-05-08T06:25:00.000Z","modified":"2026-05-08T06:25:00.000Z","valid_from":"2026-05-08T06:25:00.000Z","name":"donarimadafo.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'donarimadafo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052636000921477346"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b7a82cf-e891-5db7-9d61-7e345b1cbbb8","created":"2026-05-08T06:25:00.000Z","modified":"2026-05-08T06:25:00.000Z","valid_from":"2026-05-08T06:25:00.000Z","name":"http://donarimadafo.com/spg/login.php","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://donarimadafo.com/spg/login.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2052636000921477346"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ec93172-b2a7-5f47-b94c-116ed28ecbe8","created":"2026-05-08T07:13:00.000Z","modified":"2026-05-08T07:13:00.000Z","valid_from":"2026-05-08T07:13:00.000Z","name":"cyiqzkk.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cyiqzkk.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052647982995276056"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--888c6a23-79ba-5601-ae07-78ba82e9922b","created":"2026-05-08T07:13:00.000Z","modified":"2026-05-08T07:13:00.000Z","valid_from":"2026-05-08T07:13:00.000Z","name":"https://cyiqzkk.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cyiqzkk.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052647982995276056"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db59b7bf-1297-5923-bc6a-1f4775dd406a","created":"2026-05-08T08:00:00.000Z","modified":"2026-05-08T08:00:00.000Z","valid_from":"2026-05-08T08:00:00.000Z","name":"junoxfiinc.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'junoxfiinc.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052659831832457442"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffbc0e2f-361f-55e8-9310-f2e4603b930a","created":"2026-05-08T08:00:00.000Z","modified":"2026-05-08T08:00:00.000Z","valid_from":"2026-05-08T08:00:00.000Z","name":"https://junoxfiinc.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://junoxfiinc.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052659831832457442"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4ae648aa-b0b4-527e-9b95-29afb571db7b","created":"2026-05-08T09:35:00.000Z","modified":"2026-05-08T09:35:00.000Z","valid_from":"2026-05-08T09:35:00.000Z","name":"oasis-aviation-named-pike.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'oasis-aviation-named-pike.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052683774232498240"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d2e105d-bf50-5aeb-b716-34f9333d104f","created":"2026-05-08T09:35:00.000Z","modified":"2026-05-08T09:35:00.000Z","valid_from":"2026-05-08T09:35:00.000Z","name":"https://oasis-aviation-named-pike.trycloudflare.com/hen/","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://oasis-aviation-named-pike.trycloudflare.com/hen/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052683774232498240"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--edde390a-ba22-5a43-a695-012869bfdaa6","created":"2026-05-08T09:39:00.000Z","modified":"2026-05-08T09:39:00.000Z","valid_from":"2026-05-08T09:39:00.000Z","name":"12.5.0.242","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '12.5.0.242']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2052684683926802800"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f75ea8e-6805-5f50-81ad-904e3cabc5c8","created":"2026-05-08T10:00:00.000Z","modified":"2026-05-08T10:00:00.000Z","valid_from":"2026-05-08T10:00:00.000Z","name":"sudrex.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sudrex.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052690031010086951"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--738a0fce-8583-5630-823e-4bb3576284ff","created":"2026-05-08T10:00:00.000Z","modified":"2026-05-08T10:00:00.000Z","valid_from":"2026-05-08T10:00:00.000Z","name":"https://sudrex.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sudrex.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052690031010086951"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6995764f-1c48-5696-a5e5-efd482f26e0d","created":"2026-05-08T10:08:00.000Z","modified":"2026-05-08T10:08:00.000Z","valid_from":"2026-05-08T10:08:00.000Z","name":"cas-blocks-disciplinary-practice.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cas-blocks-disciplinary-practice.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052692036340400446"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--544b1837-c901-5e5b-9955-ecd146801959","created":"2026-05-08T10:08:00.000Z","modified":"2026-05-08T10:08:00.000Z","valid_from":"2026-05-08T10:08:00.000Z","name":"https://cas-blocks-disciplinary-practice.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cas-blocks-disciplinary-practice.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052692036340400446"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ab93b1f-49bf-59e4-8999-f580df082bca","created":"2026-05-08T10:13:00.000Z","modified":"2026-05-08T10:13:00.000Z","valid_from":"2026-05-08T10:13:00.000Z","name":"w1.topayapp.org:65512","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'w1.topayapp.org:65512']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052693305176015087"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d71f0428-00b9-5764-8924-4b0433e11bf6","created":"2026-05-08T10:13:00.000Z","modified":"2026-05-08T10:13:00.000Z","valid_from":"2026-05-08T10:13:00.000Z","name":"http://w1.topayapp.org:65512","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://w1.topayapp.org:65512']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052693305176015087"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a931e14-2c3d-5fe6-9f62-ce947c215942","created":"2026-05-08T10:13:00.000Z","modified":"2026-05-08T10:13:00.000Z","valid_from":"2026-05-08T10:13:00.000Z","name":"a78188a50f25e9b28f52c297dc4137c81f8da60d1a1422735378f1416a36bc92","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a78188a50f25e9b28f52c297dc4137c81f8da60d1a1422735378f1416a36bc92']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052693305176015087"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cf664d1-b5b3-5cb0-a3e9-6a8dfbe424fb","created":"2026-05-08T10:16:00.000Z","modified":"2026-05-08T10:16:00.000Z","valid_from":"2026-05-08T10:16:00.000Z","name":"http://104.194.154.116","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://104.194.154.116']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052694060696019193"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--053c84a9-ef6a-5e2d-a9e6-6fc80474c010","created":"2026-05-08T10:16:00.000Z","modified":"2026-05-08T10:16:00.000Z","valid_from":"2026-05-08T10:16:00.000Z","name":"104.194.154.116","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.194.154.116']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052694060696019193"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5c5765a-ed82-57bf-908a-01e1bd237294","created":"2026-05-08T10:19:00.000Z","modified":"2026-05-08T10:19:00.000Z","valid_from":"2026-05-08T10:19:00.000Z","name":"d75edc42b3c9f2af7dee42ec38a12ae12a43983b7012afee4f8a1959e1d6d8a9","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd75edc42b3c9f2af7dee42ec38a12ae12a43983b7012afee4f8a1959e1d6d8a9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052694940002451578"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b60fe3a-1cd8-55e1-a0d5-8fb7bee10f74","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"endlessai.io","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'endlessai.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a02d672-1a33-5801-bd7d-85c43df6cd1b","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"http://endlessai.io","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://endlessai.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--313f4c85-f86d-5f41-b764-f0065b90dc49","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"socolive.studio","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'socolive.studio']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--816b1d7f-19a5-5c72-859d-707dbd3b6269","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"http://socolive.studio","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://socolive.studio']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--088bb71e-09b3-51b9-9fe7-32ee6e1fc9b5","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"novatoken.io","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'novatoken.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c92f3dc7-82e3-53b3-b0a5-46027ae8df53","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"http://novatoken.io","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://novatoken.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e89e78c-00fa-5861-bf36-f87142f5a9e1","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"xoilac-3.com","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xoilac-3.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3867075d-0e1d-5e2c-b22b-9eec3830b280","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"http://xoilac-3.com","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xoilac-3.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01eaa63f-404a-53ea-b4a7-ab55487bea9b","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"techieankit.in","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'techieankit.in']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e11aea2-cfe6-5541-8981-ba8d0762ba48","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"http://techieankit.in","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://techieankit.in']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d07cf36-db45-54d6-a669-54f4c3eadca0","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"cakhia03.tv","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cakhia03.tv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7f31984-8b6c-5caa-87e1-1660a13d4cec","created":"2026-05-08T10:34:00.000Z","modified":"2026-05-08T10:34:00.000Z","valid_from":"2026-05-08T10:34:00.000Z","name":"http://cakhia03.tv","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cakhia03.tv']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2052698678977061065"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce0007de-d91f-5573-8c4d-08cff426aff4","created":"2026-05-08T10:43:00.000Z","modified":"2026-05-08T10:43:00.000Z","valid_from":"2026-05-08T10:43:00.000Z","name":"ef5b753e5a2118d18c5e809c3d159a35","description":"IOC reported by @askardyuss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'ef5b753e5a2118d18c5e809c3d159a35']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/askardyuss/status/2052700974301827268"}],"labels":["MustangPanda"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c35888ed-bf2b-5bbc-9668-df6872c587e6","created":"2026-05-08T11:56:00.000Z","modified":"2026-05-08T11:56:00.000Z","valid_from":"2026-05-08T11:56:00.000Z","name":"votelit.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'votelit.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052719394338353331"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63c18a0c-79e1-54d2-9aff-af2e1742256e","created":"2026-05-08T11:56:00.000Z","modified":"2026-05-08T11:56:00.000Z","valid_from":"2026-05-08T11:56:00.000Z","name":"http://votelit.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://votelit.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052719394338353331"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19b4de7e-3413-55dd-b54d-99f45d988489","created":"2026-05-08T12:00:00.000Z","modified":"2026-05-08T12:00:00.000Z","valid_from":"2026-05-08T12:00:00.000Z","name":"meenuparashar18.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meenuparashar18.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052720224588169431"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fd10e8a-1e69-589e-8efc-c299457b9a20","created":"2026-05-08T12:00:00.000Z","modified":"2026-05-08T12:00:00.000Z","valid_from":"2026-05-08T12:00:00.000Z","name":"http://meenuparashar18.github.io/Netflix-clone","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://meenuparashar18.github.io/Netflix-clone']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052720224588169431"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c4b9c27-fc5b-5423-9d70-885dfeb78c19","created":"2026-05-08T12:06:00.000Z","modified":"2026-05-08T12:06:00.000Z","valid_from":"2026-05-08T12:06:00.000Z","name":"vote.p4rt.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vote.p4rt.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052721820965413167"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d31ce97a-dcf7-543d-a73a-2b5e8afe797b","created":"2026-05-08T12:06:00.000Z","modified":"2026-05-08T12:06:00.000Z","valid_from":"2026-05-08T12:06:00.000Z","name":"http://vote.p4rt.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vote.p4rt.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052721820965413167"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea642a4c-79e6-51f6-893a-dbd8138eae7a","created":"2026-05-08T12:21:00.000Z","modified":"2026-05-08T12:21:00.000Z","valid_from":"2026-05-08T12:21:00.000Z","name":"precommit.vercel.app","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'precommit.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2052725668077867070"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1a259dc-a2e7-5541-9ac8-5ba1ca66a2c5","created":"2026-05-08T12:21:00.000Z","modified":"2026-05-08T12:21:00.000Z","valid_from":"2026-05-08T12:21:00.000Z","name":"http://precommit.vercel.app","description":"IOC reported by @blackorbird on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://precommit.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/blackorbird/status/2052725668077867070"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b38ac8bb-91f7-5882-a1d4-e63151ec5a11","created":"2026-05-08T12:38:00.000Z","modified":"2026-05-08T12:38:00.000Z","valid_from":"2026-05-08T12:38:00.000Z","name":"5a6636ce490789d7f26aaa86e50bd65c7330f8e6a7c32418740c1d009fb12ef3","description":"IOC reported by @rifteyy on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5a6636ce490789d7f26aaa86e50bd65c7330f8e6a7c32418740c1d009fb12ef3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/rifteyy/status/2052729741426250110"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3f2a494-8191-55d7-88ac-c8ff7a0fbf0e","created":"2026-05-08T12:38:00.000Z","modified":"2026-05-08T12:38:00.000Z","valid_from":"2026-05-08T12:38:00.000Z","name":"77a60b5c443f011dc67ace877f5b2ad7773501f3d82481db7f4a5238cf895f80","description":"IOC reported by @rifteyy on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '77a60b5c443f011dc67ace877f5b2ad7773501f3d82481db7f4a5238cf895f80']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/rifteyy/status/2052729741426250110"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed29ce48-acc8-5cf1-a9ee-d71edbede7b8","created":"2026-05-08T12:38:00.000Z","modified":"2026-05-08T12:38:00.000Z","valid_from":"2026-05-08T12:38:00.000Z","name":"5fdbee7aa7ba6a5026855a35a9fe075967341017d3cb932e736a12dd00ed590a","description":"IOC reported by @rifteyy on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5fdbee7aa7ba6a5026855a35a9fe075967341017d3cb932e736a12dd00ed590a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/rifteyy/status/2052729741426250110"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b488fc4-04e1-5408-91b8-3ae1068001fa","created":"2026-05-08T13:01:00.000Z","modified":"2026-05-08T13:01:00.000Z","valid_from":"2026-05-08T13:01:00.000Z","name":"U9x1.one.bss0017.modemeld.biz.ua","description":"IOC reported by @klawlikula on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'U9x1.one.bss0017.modemeld.biz.ua']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/klawlikula/status/2052735700760486150"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c3b72b1-7e15-5c89-8c8c-9ad8941106b4","created":"2026-05-08T13:01:00.000Z","modified":"2026-05-08T13:01:00.000Z","valid_from":"2026-05-08T13:01:00.000Z","name":"http://U9x1.one.bss0017.modemeld.biz.ua","description":"IOC reported by @klawlikula on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://U9x1.one.bss0017.modemeld.biz.ua']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/klawlikula/status/2052735700760486150"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e8f5979-359f-5b0a-b25f-713d6e10264d","created":"2026-05-08T13:42:00.000Z","modified":"2026-05-08T13:42:00.000Z","valid_from":"2026-05-08T13:42:00.000Z","name":"https://80.211.196.157:7443/new/login","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://80.211.196.157:7443/new/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2052745893695414565"}],"labels":["C2","Mythic"]},{"type":"indicator","spec_version":"2.1","id":"indicator--030bdaf1-01e8-58d3-b170-9d17da050979","created":"2026-05-08T13:42:00.000Z","modified":"2026-05-08T13:42:00.000Z","valid_from":"2026-05-08T13:42:00.000Z","name":"healthy.zubhium.com:7443","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'healthy.zubhium.com:7443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2052745893695414565"}],"labels":["C2","Mythic"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a10d184-f547-5268-aa0c-32823d10dda4","created":"2026-05-08T13:42:00.000Z","modified":"2026-05-08T13:42:00.000Z","valid_from":"2026-05-08T13:42:00.000Z","name":"https://healthy.zubhium.com:7443","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://healthy.zubhium.com:7443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2052745893695414565"}],"labels":["C2","Mythic"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6a32f68-5da6-5ee2-b619-50c7362344fd","created":"2026-05-08T13:42:00.000Z","modified":"2026-05-08T13:42:00.000Z","valid_from":"2026-05-08T13:42:00.000Z","name":"80.211.196.157","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '80.211.196.157']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2052745893695414565"}],"labels":["C2","Mythic"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a32a5ec0-54e0-5ace-8f36-e6fb0c862bba","created":"2026-05-08T14:00:00.000Z","modified":"2026-05-08T14:00:00.000Z","valid_from":"2026-05-08T14:00:00.000Z","name":"priyadarshii786.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'priyadarshii786.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052750418002722924"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd8441a5-cbf9-590b-ad9b-ce1b11a645ec","created":"2026-05-08T14:00:00.000Z","modified":"2026-05-08T14:00:00.000Z","valid_from":"2026-05-08T14:00:00.000Z","name":"http://priyadarshii786.github.io/Netflix_Clone","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://priyadarshii786.github.io/Netflix_Clone']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052750418002722924"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3be6c019-e69d-523e-9a6b-9d819b1fdda1","created":"2026-05-08T14:45:00.000Z","modified":"2026-05-08T14:45:00.000Z","valid_from":"2026-05-08T14:45:00.000Z","name":"http://103.79.79.21:8899/login","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://103.79.79.21:8899/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2039439398383583584"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa0fa54b-6d69-5b28-a493-12533f7100a6","created":"2026-05-08T14:45:00.000Z","modified":"2026-05-08T14:45:00.000Z","valid_from":"2026-05-08T14:45:00.000Z","name":"103.79.79.21","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '103.79.79.21']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2039439398383583584"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--80f4ad9b-e368-5489-86e5-24114d7be7c1","created":"2026-05-08T14:50:00.000Z","modified":"2026-05-08T14:50:00.000Z","valid_from":"2026-05-08T14:50:00.000Z","name":"5b5a306e93a17a7edba89301717e304f72134cc5bfd900c4bf8fc2ea617fabdf","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5b5a306e93a17a7edba89301717e304f72134cc5bfd900c4bf8fc2ea617fabdf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2052763006900256851"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--782cff8d-942d-517a-a7b5-8171adf9f654","created":"2026-05-08T14:53:00.000Z","modified":"2026-05-08T14:53:00.000Z","valid_from":"2026-05-08T14:53:00.000Z","name":"meetings.bloombergpartner.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meetings.bloombergpartner.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052763814731321431"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e4b324b-a936-50c5-afd6-dfc09ad02313","created":"2026-05-08T14:53:00.000Z","modified":"2026-05-08T14:53:00.000Z","valid_from":"2026-05-08T14:53:00.000Z","name":"http://meetings.bloombergpartner.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://meetings.bloombergpartner.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052763814731321431"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25d909ad-4851-58e9-b69a-ad806a1d5090","created":"2026-05-08T14:54:00.000Z","modified":"2026-05-08T14:54:00.000Z","valid_from":"2026-05-08T14:54:00.000Z","name":"bmoolberg.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bmoolberg.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052764095904944172"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f724e120-cc65-5e2e-b076-ab6c6b2fd15c","created":"2026-05-08T14:54:00.000Z","modified":"2026-05-08T14:54:00.000Z","valid_from":"2026-05-08T14:54:00.000Z","name":"http://bmoolberg.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bmoolberg.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052764095904944172"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7774cc49-b9c0-555d-b1fb-2a992272e32e","created":"2026-05-08T14:57:00.000Z","modified":"2026-05-08T14:57:00.000Z","valid_from":"2026-05-08T14:57:00.000Z","name":"f09e7fb98cdc27234d9c76e524aaa0348e86a7bc7013f1ba57e5ea068dcd9689","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f09e7fb98cdc27234d9c76e524aaa0348e86a7bc7013f1ba57e5ea068dcd9689']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052764950599213510"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd28fcea-a82a-5566-85ec-ce48f32d9d43","created":"2026-05-08T15:01:00.000Z","modified":"2026-05-08T15:01:00.000Z","valid_from":"2026-05-08T15:01:00.000Z","name":"073eb2fb4cb1cdbc14c435028dfd04ca631dac4d713b1bfce573f84e90757d37","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '073eb2fb4cb1cdbc14c435028dfd04ca631dac4d713b1bfce573f84e90757d37']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052765746103504903"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f398e004-9008-559f-b87a-0a3bc02643ea","created":"2026-05-08T16:00:00.000Z","modified":"2026-05-08T16:00:00.000Z","valid_from":"2026-05-08T16:00:00.000Z","name":"zimbraagencialogisticagovco.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zimbraagencialogisticagovco.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052780611194982717"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--447bea7f-879d-5ab2-9ea1-ca794c493ef9","created":"2026-05-08T16:00:00.000Z","modified":"2026-05-08T16:00:00.000Z","valid_from":"2026-05-08T16:00:00.000Z","name":"https://zimbraagencialogisticagovco.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zimbraagencialogisticagovco.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052780611194982717"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--412dffbc-eb99-55a4-9ad2-e86144450467","created":"2026-05-08T18:00:00.000Z","modified":"2026-05-08T18:00:00.000Z","valid_from":"2026-05-08T18:00:00.000Z","name":"nid-naverpep.servequake.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-naverpep.servequake.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052810787010543708"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8b36958-6b06-5a03-b692-ba7f92908361","created":"2026-05-08T18:00:00.000Z","modified":"2026-05-08T18:00:00.000Z","valid_from":"2026-05-08T18:00:00.000Z","name":"http://nid-naverpep.servequake.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-naverpep.servequake.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052810787010543708"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb6d949-690e-570f-9326-f47d4e3ea1f8","created":"2026-05-08T18:00:00.000Z","modified":"2026-05-08T18:00:00.000Z","valid_from":"2026-05-08T18:00:00.000Z","name":"http://27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052810787010543708"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41e64fd-bb60-5e1c-a8ea-f62b098b645e","created":"2026-05-08T18:00:00.000Z","modified":"2026-05-08T18:00:00.000Z","valid_from":"2026-05-08T18:00:00.000Z","name":"27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2052810787010543708"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec7fbc49-2a19-5707-a01a-91e3cb83104a","created":"2026-05-08T18:09:00.000Z","modified":"2026-05-08T18:09:00.000Z","valid_from":"2026-05-08T18:09:00.000Z","name":"e9df9fe7c5f9185c420974b6c31025d5","description":"IOC reported by @ReBensk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'e9df9fe7c5f9185c420974b6c31025d5']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ReBensk/status/2052813069685031172"}],"labels":["Android","Trojan","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fe266c5-c280-57cc-b998-0e26b4cf4751","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2dd8db1-d1ab-5ce7-8f1b-2f640facb038","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a5b9fc5-8982-5383-8093-6758c7710796","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8acb7914-60c2-5b28-842a-b1606c761b86","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0d91b15-9a35-59c4-b460-045c57d2d3d2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eab58e7a-78ac-5265-9420-e252a83bc12d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e67017d-503f-5f90-b0b3-5a0cbf6ff4d5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecea73e9-5bd9-5bab-b679-45e6b16588ae","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78b6d289-a9ea-527f-9a88-7f3c1418f790","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--120a17a6-0fa8-5b02-8560-db0d8420caa0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5571b117-694c-5743-8f67-7bf775a413df","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--223cbab6-bea0-512f-af65-ab37d26d6cf1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9380bc93-e00b-51e4-a8b2-bae6d2cccb28","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fd4703f-1fdc-5241-b45d-23094e928531","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23367932-8a4c-5624-b693-dc9c3d3ddcc7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf4efaac-3764-5c68-be17-1cfd39ebdf38","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8c036bf-2e33-5431-abf6-001aaa5be6a1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gosi66s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gosi66s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4555803c-ab48-5567-9dbf-7fde0bc96fad","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gosi66s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gosi66s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d351cf48-a254-506f-b948-8fe83ad50fd9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e040291f-d3a1-5825-a6ab-511be723bb7e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e8a0acf-f02e-5041-b082-2c6a449332bd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68d169c7-0b90-5b3d-b8e0-355d16c043d8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb3b212c-e5b1-574d-bb42-6c0bc7be28fb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8da0e58-b357-5c8e-821d-ce1e86f1cf99","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba326831-9b2c-5e63-96ea-1b1daffe018e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6bdf2283-710e-5f19-9aa8-2218ec3efc38","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3e91bb4-f803-537e-a0d8-0126a30e1d9b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--251ec944-fc6e-56e1-ac97-ef49ad643ff7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e475ff67-386f-549e-8b66-0d811af9e1d5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2867c764-cdf0-5a3f-a3b3-aca1347f5fc5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9aee5c8a-b5bb-537b-8dc2-b5c217fef3c5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f98ffc3-d63c-54d7-b3bf-837b6a2fd5c6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71b03c44-eef9-59ed-9285-bc75e5a4634e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi41s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi41s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1fdafc7-ac8d-5048-bae7-337625be0777","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi41s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi41s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de29c4c3-1371-5e9e-8bb8-30c728d3b42a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gozi51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gozi51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--578357ce-40e4-555b-9855-b67d6306094f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gozi51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gozi51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17309bcd-1112-5e4c-953a-b0262da2706f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8318cf2e-a68b-5d34-be8e-2f29acabf93c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b7f2855-34c0-517b-8340-c75e8c017d88","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"now72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'now72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f1336b7-0f42-547c-b6a7-3e062bfd7535","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://now72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://now72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30f1bf19-428a-513e-b736-74321e3aac64","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f0e941a-ba0a-538a-8052-3a6b356c3013","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ec0d81a-d900-5a30-93a8-8a417c13ae05","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"now14s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'now14s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d4bfe58-2de9-5528-ac8c-450aef4f397a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://now14s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://now14s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2ef314f-9a7d-5332-b94d-ce4cc60d112c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"node39s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'node39s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5cc7599e-db76-5510-af9b-cf8143f02344","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://node39s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://node39s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b94636b7-177b-5483-9b8f-e9a35e44bd7d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92651e75-321b-541d-8286-5f2aa3e905b5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e61a343b-b882-5cac-bbee-a684851a48ef","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57c5d6c4-30b8-5024-8c02-f6fb0c1d4ece","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb42d3df-f2fe-5cf6-9e8a-4181d2494ad6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said46s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said46s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0660da30-9c2a-523d-8e03-d5f14ff5b437","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said46s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said46s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e0fb649-c029-5d2e-8cd2-c813b754bf87","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said2s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said2s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4bf469d-b74b-5f85-a93f-00ec0d8ad9c0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said2s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said2s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0094e950-d260-595b-876c-08a7b0a063b3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"pill47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pill47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b42eab3-e533-53ea-82c8-24cdef4763d4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://pill47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pill47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1965245-1676-5659-9053-2513fc7cc04d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said15s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said15s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0665c022-6729-537b-b823-22466f4b9038","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said15s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said15s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a95c6516-ad91-5d6c-9af5-fca1516ff195","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said0s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said0s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb390203-ce38-5772-9481-1635b40940af","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said0s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said0s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffab592c-5181-575e-acf4-5cc9542c47aa","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2a67b3e-b8d6-5276-8c0e-7bc309fbcc35","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8043755-44dd-5f99-9dd6-afaf02bf6837","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a0d7b14-5fb3-5edf-b201-5bf6860b3421","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b05b22b6-7c0e-5ea7-bd84-b3371619c65b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"pill26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pill26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--da7f15ae-f2ce-5f56-af4e-9a01dcf1cddb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://pill26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pill26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98c7ae79-4553-56eb-9897-d72e0c6eed5e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e639b97-6945-52f3-af6b-1242046ff9d1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2b24ec0-a44f-5ccb-ad21-e0b1703e95d3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"said18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'said18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4bb5496-7601-56c7-a7ea-3ded39d9dab8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://said18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://said18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a68f0fc-0597-551f-86de-bfb0529e852a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"now59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'now59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91d6a2c2-117b-54cb-9b82-35d51e7fa5ee","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://now59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://now59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93ffed48-6592-5e60-9d04-3f2738bacef8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"now50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'now50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34685a05-0f2e-5e96-9e1c-f33328ae7c75","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://now50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://now50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52fb5508-2b5a-58ed-be2c-1c8b8033a877","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de914135-abf0-59d3-b3f8-9a174e80ded9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ded3f9c-654f-5fcb-9165-3f56ef9fc03d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64578747-5d75-510e-bdc7-c06acad7c1cf","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bee5e6ef-91ad-561a-aafb-779be23a507a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec5a90cb-76f4-57bb-bb72-2dd7e707b096","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c90089e-fa15-5254-819a-7fbc81f2886e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree37s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree37s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--316564ea-7070-5812-8fab-6dd722ebdd4d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree37s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree37s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9d135d7-a25a-5a9f-9b47-9785882868e6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38f24e16-faef-548e-b4b5-7e0285bd3f5d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4da8055-64a2-5d16-9117-a9a5ef7ee7a1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"gree25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gree25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4b75553-a38f-5750-b6fe-d361612fc44b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://gree25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gree25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1d9e347-c125-5103-a606-73e45cbd63f8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae931b16-6596-5874-9c7f-c5c8f4a1b61c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a90f5d7f-be61-5638-aaa5-0e5a39883d4b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule84s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule84s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a19c0c5f-c822-5d8f-8ec9-20c2b58ea841","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule84s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule84s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35cbde6f-a807-5a67-ad71-08a981042ca4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6730c8c-e214-5d91-a204-17c7f9baffb1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03fdfe38-9362-5177-b52e-fb50428d0c98","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read54s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read54s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c27a7cf-2039-5fe1-af79-8b14f14453f3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read54s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read54s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--368b54ab-611c-5b2a-94aa-54d3ab91a777","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df40af22-e65a-527c-9fc8-0ad8e409e62e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ede8c6ef-32b5-5cd0-a1ae-56be34216004","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read86s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read86s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--365bdc07-6139-5167-8c0c-00c88efc872a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read86s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read86s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4a6950c-2167-5801-8821-1b6c5947f0cb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5626df2e-a74e-5ff0-aec2-79bbbd64e06c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6efb9c8-15ec-585c-b2cd-306529bb580d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read98s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read98s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--406dff42-f3a3-51e9-9ebc-fb6027061576","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read98s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read98s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0bc7b7a6-c0af-59b9-a477-f3e89c35cf7b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd1ba016-f6ee-58db-b84f-ef791df70e09","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8a9cfe7-2481-5add-b05d-05e25f9dd176","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read63s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read63s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93b3cbd9-f081-5ee9-acc6-81dbe26cdd01","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read63s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read63s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--089bf658-f273-5193-ab99-363750d123f1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6c56692-68eb-52a6-9a2a-5f07bed17596","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8b1c656-4420-5f1e-8293-a03690913cc8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10a0f286-334e-5e4d-b83e-5008bc93cde7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a510dc30-26bf-53a5-ba1e-20d5bf2726ac","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read71s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read71s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18721cfb-c88a-5912-86f7-a5009144a9af","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read71s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read71s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9385d297-84bc-535a-b9fa-025a8650d62b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read91s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read91s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14bea8ec-e825-58bb-84e0-61cb7b79a834","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read91s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read91s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5f0022c-f98b-5bf4-8b5f-0f42594ea40c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6495de7-f5b8-5a0d-801f-ca598eb2ca9c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e95c6c5-c872-5625-bb38-9cb42705a79d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d31cd9fa-6cb9-52bd-b56f-6bfa50aa208e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94e96ebe-150d-5d8c-9516-a513881ea537","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read55s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read55s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfa5f988-d184-5579-b812-10e6120044ed","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read55s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read55s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af8ce8db-0506-5a46-947e-cf74467df7ea","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e9a0bdd-026f-5c99-9260-fee26dcb7098","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d5a4a21-37c4-5175-94e8-a5316ea2172a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read97s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read97s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33176f61-5137-579d-a18a-e8f8a156e566","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read97s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read97s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7acf7a7e-56c0-5682-94b5-b94caaf674bb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8630aa8d-f9f4-515f-b442-790629e79769","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21ee17f4-662b-5a0f-8089-6bdf5019ea3e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read43s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read43s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--daceedeb-0f20-5312-a790-5336c52cfecc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read43s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read43s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2863690a-8abf-5f37-a594-4b167fbdc371","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b5273be-c1c6-52ab-a0b9-59ddc999670e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9c88eef-171f-52a0-bea5-fc9405e5bd5a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01036fe5-f1d6-5151-9d3e-58d2a83c9c24","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0461bb5b-7b5e-5737-ad83-2360fa2baecc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b2847ca-e81c-50ee-8cda-1bd21a61347c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e3a356a-b587-5633-894c-c924af8e6575","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read74s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read74s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f96e395c-ed8b-5699-a3b4-f14bfd4d5607","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read74s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read74s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14206ad8-db08-57e0-9c88-a9afa68d996e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c68047e-143d-5c61-8eb8-d3f63d3ad14d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--74aa0486-6514-5a8e-9826-68152f314a2b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cbb23a4-6f2b-5948-b523-6dc0b114fb12","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aee9118e-a989-596c-a561-10c5cb453a59","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b4e5f77-97e8-53d1-beee-735a8a50b7f8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc84bcd3-5383-5a86-85b0-229b4a4ee832","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51c622a6-2d8a-5067-9a6f-dbe54548f266","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e553323-dc1c-575d-b528-bc2543ce323d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read96s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read96s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b57bc80b-4da6-5011-9006-6dd6d8a4bf35","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read96s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read96s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38fcfe7b-9ebf-5436-9aa4-f5bfda1af7cf","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16627931-7f4b-5e03-b097-b0578bd14f1a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--390d55e2-979a-51f8-a528-5f80a9369138","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24bd4aae-14cc-5d5c-98e7-f6a01cb1e33e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36a6695c-aeb1-5e9b-9105-4cb13d6c14e3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e190f8c-db55-5afc-a906-c0a5016985f7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81301be2-454e-5121-aae1-2a1b1b50f962","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--117122b0-d425-52dc-8dcc-c748947f8f76","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38438ef1-2f4e-50dd-8ed9-3abee8c5a699","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a0ed87c-b0d1-5378-b3d2-aa103874f8ae","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0619cc0-6234-53e7-a0a4-3fc5a846a981","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read84s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read84s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e09f0cb-e93d-5fa8-9f01-45b36ade850a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read84s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read84s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f67651d-9538-5315-b4e3-e196170c3d98","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e794e41c-f423-5550-9205-2073c07c5347","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a2b3b73-b15e-52c0-af8d-d783c85e533a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d5ee28e-d18e-5769-a8fa-afb54d4d8f98","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96f856b0-3296-5f28-a25a-37ab5fc40885","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--094d622f-ef77-5afd-9746-aee3435937fb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb26a937-275b-5bf4-88d3-e876608261f8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07a9765b-2574-5eba-a5b8-835ffebaa4b3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--922bfbc5-01a7-5170-b0bb-2c7c15d017e9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5ba36c8-0027-57f8-b811-eee182594a9a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03da8574-db60-58c1-a1bb-7db922c8c651","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read67s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read67s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c8c6884-ab4c-508c-97ae-3cc5920ca60c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read67s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read67s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38d7eb72-5407-5438-b293-a3f89efc9e7e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read64s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read64s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f68a8d3-ea44-5e94-98ae-38641519c07f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read64s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read64s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa104ae1-a0d0-5c1e-8b0f-aacfdc2bffea","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read66s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read66s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--215dca9e-243e-5adf-938a-08b82b538372","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read66s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read66s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71dd6c30-4369-56f5-bf80-d9b430ea5a74","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1816c5e-68eb-527b-adf7-ba4f678f435f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1dc3edc3-c6e7-5507-b78b-c834a447ad24","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read78s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read78s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2850dda7-a2b0-5437-a58d-f6f95ead2966","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read78s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read78s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63bf2bd6-0402-55a9-8aeb-a3d130260096","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read76s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read76s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--253cb848-0bc3-5ed5-a8f6-837cd13ac8c3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read76s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read76s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad9effd3-3d44-57ec-817b-757ad994729f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b20a0189-79d9-5032-9a13-b55e6bae6fac","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f366c2bf-6c0e-5bd7-a0ce-327d7b736b97","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b044222b-240e-5be9-821f-699b68c41f28","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a796f863-caf0-5081-b775-e26f4273746a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3be4a62b-5978-5fdb-8978-2e8281177a21","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27ed0d22-507d-5164-b5c5-5f556b94c109","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d14fb762-7b30-5070-b23b-b0863e812d51","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff49ca1f-4fb2-5bf6-ae84-b2fe7208b0d4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5c5f284-d0ba-538b-94f3-ece169ccd49f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62f8f41d-1290-5f29-a6cd-e2e82c0dac5b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--936b09e4-8377-5316-8b41-0faae2033846","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad93d7b2-6d16-5c8b-bd9d-324132c5ff4b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule58s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule58s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71994c46-a054-538d-b0eb-391a9ebee830","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule58s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule58s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46738ab9-8eec-5b8a-add2-f38c74fb8fc9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b301ab5-3bdd-5f77-8af4-5948450c89b2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96a895cf-a68d-5d44-8b65-d93ddc6cd47e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule46s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule46s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--841587ff-1545-5662-a1fe-69c6192f8fb5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule46s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule46s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e1637fc-dd50-50ca-b65a-afb3ffb01665","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule27s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule27s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--222313a0-fd24-54c6-85e6-52e277a4a0ad","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule27s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule27s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9765b9d9-ca0c-535f-b6af-38f51eed045d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule5s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule5s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b48e3272-9141-5320-adf8-c71aedb517e5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule5s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule5s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d493949-cf71-5b4e-8964-a4dc0610907c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule9s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule9s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5904c361-e7e8-5388-9518-5d342ecc67c5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule9s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule9s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b9f5a37-6299-5078-8772-8e68743d66a4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3f541fe-e871-56cb-a906-8d1efa74079d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38a083e0-1fcc-51da-94a5-2814f1960dcb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9670ee9-b407-593d-8771-c7ca715c7d3e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e287047-841f-563b-9e08-6e0f9ffb038c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--811f88c3-4125-597f-ae28-a56663844cdd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14e2cec4-a1bf-58db-9898-a33c23fe88ce","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fbd8444-e423-5586-be9b-6b2f9b34b117","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1671b6b7-c174-5aab-9cf8-2d2b5fc93d82","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule37s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule37s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d36007f1-b62b-5e8b-a90a-b83df1b116da","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule37s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule37s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a631bf11-b013-5562-986b-0b34d6517539","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--162ad467-11e6-5823-ac35-8aa93e5ef3da","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--841d9fb4-aee2-51f6-8720-66d99697d5b3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4588889e-4a38-51b6-967f-419713217b69","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d05b77ef-4df7-5396-b4c5-dbf15dfed697","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule34s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule34s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40a42f52-4498-51b0-9cc9-a20c6ee97fe4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule34s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule34s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--351ecd86-ea2a-59cb-93aa-603e732b6eb8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule55s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule55s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00ae8acd-295b-5882-abb7-9a718d98da97","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule55s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule55s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d5c2a81-f28e-537e-8bf9-005c0c386d00","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff9b8cd1-1ce6-51d3-aeca-b9dd614b5b5d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--949c3244-cc8e-5dfa-9ef3-9aa4012e3456","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a8479cf-5578-5534-acb1-86ad8eaa9ddb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5f8ab63-d37d-5566-adc4-0ca9493ffc61","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule7s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule7s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14b0adda-ae30-5b8d-bd37-33b71546baf9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule7s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule7s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2143a90-6e0b-5fbb-a16c-db3a4980654c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--375ab33f-55e2-5820-ae6d-5d7539d20b12","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3b07bb4-5e47-55d1-8f95-df7b1faf62d0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d47d2238-30c9-54a8-8ad1-07535842abcb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--426d4833-f83d-5127-9a66-da5c593ce756","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--436aadc3-92fe-5430-a27b-80dca609e0bd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f59cedc3-9111-5e6e-a625-878f2af8340c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64566a16-204e-5e96-bbc1-626a113228bf","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c21fc86a-dfb9-5f48-b021-a67fd92dffe6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5be45977-3edc-5563-97f1-baffb9262676","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--275b06ed-3ecb-5a60-9739-80a2e389366e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f76b72d8-95ef-568e-882a-99abac3a618c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85073b33-2dd0-5ace-8bc6-3e44c0341f1c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read0s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read0s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8504c32c-964b-596a-b602-52b30e7ecf9c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read0s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read0s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d8e9e81-a33a-5ec9-85d2-97bbea692480","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read24s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read24s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--322ce8ec-816d-5025-a26a-52ceeed4157c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read24s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read24s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a45cf90-a1c7-5b6c-be09-8c980fbc56f4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine60s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine60s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86e4c578-a199-599b-b879-afaa6c43fff4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine60s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine60s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--843b3d7d-cf83-57a3-930e-2ff08363973d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule16s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule16s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5dcdf50e-5f47-57bb-8e8f-98e6a2dcd1c1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule16s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule16s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63dacfa4-5f18-58d3-8607-a649e5ff1944","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22c39ffc-ae84-50c7-b98c-b27835c84ca6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e47f794-e35e-52ef-ae0f-c3e9fedea9ae","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43e08363-c119-5d90-90b2-b924dee1ce01","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bec1556b-8829-5d2a-89e5-c15f2429caf4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57ac9a36-528f-50bc-93f1-f096c835aa91","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c63ad486-2100-507b-b52c-df49b6e5f400","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule24s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule24s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51c8380a-e9d8-56d5-bf68-73600b316ea8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule24s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule24s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34a4e82c-d4b2-58f7-9dce-8add4e52272e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f199153-f70d-5317-8307-951e12a4f1bf","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0c7f0c7-5c26-515f-9d49-7efd8e44de8e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule14s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule14s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66fe6359-1065-5dfa-b87e-1efa5cf4d8bc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule14s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule14s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5440b0f1-8e25-5ae2-9f1e-b493bc319c51","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule38s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule38s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4a35081-7870-5c2a-bc56-bd4c2dbce582","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule38s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule38s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d759df6-61b2-5911-b0ed-735b7cba108e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule54s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule54s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44d0cf9e-6742-5f98-9b72-09f3db6909f7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule54s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule54s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6e15fe4-d899-5177-8c93-26f4d424b0c4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12abda72-31dc-5b9e-b3e7-dc6c8c9f972b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b54eeac7-eccd-5bc1-9593-76cec1c4ede4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule31s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule31s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--816626e4-6838-5127-a6de-b196cb4f54bb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule31s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule31s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81bb65a3-73d3-53f6-93ce-b57c9bf2b594","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule30s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule30s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dcd84c8d-b298-561d-a89d-7ac95a02da59","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule30s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule30s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f30152f4-a069-53bc-9daa-35f702b15a69","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule64s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule64s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64a7b023-3896-5952-b54e-9d554463c189","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule64s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule64s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3983d509-afa7-527b-a829-97e0431c1c0c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f87e46f8-696f-5d09-882c-d9e6ffc32375","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c84f7e11-599b-5fe1-bf0e-aefb384ec9b0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57ac855f-f15d-5a46-82c5-6ef932f619a7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5138157-7eed-5873-99a2-9fdb29dcf809","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--431b5723-4d85-5865-90e0-5071f1ea0c78","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f0ecb3f-127d-50e9-8505-42e0bd289e2d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule36s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule36s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b504e50b-6a77-50c3-a919-6feadf527407","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule36s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule36s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89583e92-3211-5801-b314-758ef44dcb2f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule35s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule35s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abe30b9a-3ca9-5cba-beb1-a7c3a50da5fa","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule35s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule35s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f05f055-0a86-5d10-be63-6446b8029e42","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule15s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule15s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98a6f6f6-c8e4-5974-9c1e-6e243f71aa81","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule15s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule15s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ccc1615-f707-5271-a32e-e320867a7e0a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule43s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule43s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--692210a0-af6f-56c9-b9b8-81bb6c43918e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule43s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule43s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d419774e-6ced-50d3-90af-bb84e1b785bb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule63s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule63s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d933ce21-1a1c-5bff-ac81-2e9e7a317e6b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule63s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule63s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5567b164-cf98-5f99-bcec-f28a1485fc07","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f6e6eed-c6cf-55e8-b41c-1b00a82e01bd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec926b47-0c09-5ae2-9045-f27a37ae7018","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule60s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule60s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d06bc52-a968-52c8-a4cc-9ddd660b6d92","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule60s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule60s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6faccfc1-59c6-5444-8729-c189f808e678","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule32s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule32s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--444fcaeb-75a0-548b-a332-f080dc720cb6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule32s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule32s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1133a873-7ba6-5ce6-a813-f8f26dd843b0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fb42eac-4e90-5612-bea3-667730a6ba10","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d5e3f50-48d8-5d88-bf7e-3c3a9ee122e2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--793ca300-2782-5131-9303-f394e01ca8da","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3551b0a8-f72e-55c5-b1ba-d9f704a36904","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"rule50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rule50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--730087d3-e315-58da-9de4-750f29ea668b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://rule50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rule50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8f2fc6f-afe2-52bc-992a-606f828f7151","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"read28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'read28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--32e51de0-08f7-511a-8f1f-45e659045c9b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://read28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://read28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f7a32bd-6c23-52f3-a0ec-92bd346edddd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6737c45-b3d9-5ade-94ef-319244f8b6a3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--582c7a82-1511-59e3-978b-7dc3b35154c8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e579ebde-1938-5eab-85dd-31c35b041f7d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0129c128-1795-5942-8730-e8bf9699ea43","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine97s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine97s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ac55d21-955c-5c4d-8609-89192fd1a9c6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine97s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine97s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e2184a1-df1e-5100-9cfd-732125d96730","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d7bc17e-3ecd-591c-912f-5024850ced5d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f4f3d0e-01ae-53a0-9bcb-24ea395e858f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6162dcfb-f173-55c0-aac0-e062507e00f7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4e40cd8-3409-5ef2-9540-7eda1e57a547","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b156c0fb-c219-597d-9ed8-eb3454f9312d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3cae8d83-2471-5d4a-947a-ecaccc359d2e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5058fdf0-6354-526a-9e41-cac43ee07d8b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b309599-7edc-56d9-bf07-64320b5fd612","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c035292b-fc44-5c13-962e-101d99b1523e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31495f46-b666-5efc-b9a2-34332869b5c5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine86s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine86s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30aad68e-59f6-5a0a-acd8-fc9e1b38f0a9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine86s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine86s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a72a7af8-faeb-5fd7-ac59-658caeec6e40","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine91s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine91s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88052bfa-c614-55cc-9b5a-7ae8af37244e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine91s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine91s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c978484-0b5c-5a51-a213-e68a5552bda2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fill75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fill75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--503f73a7-4d1b-5c7c-8239-1def18b41322","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fill75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fill75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00000589-0ba5-5442-b3d3-9ae97e378d91","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine98s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine98s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6a363ed-3f9c-58ca-b39f-4a90d7e5898e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine98s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine98s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01d960d3-9275-54a6-878f-aec0184efd2e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9840dd15-b99d-5724-8170-c0d41ab9be0a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99a66856-bd90-5303-b53f-86d93ad13a7e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine84s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine84s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8cff856-1f22-5ae4-a296-b1c4997e2f37","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine84s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine84s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--356df8cf-9cc5-5ecb-b162-6adc38e988f5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine71s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine71s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b62af07-9f12-5b8f-bf39-a9560938c958","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine71s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine71s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be7b2539-d269-5a27-b23b-37305f7b3b20","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ceade4b-ac3c-5eb8-b890-a7c5eedc6a2f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96e673a4-43cf-525a-9c43-8648abb9c429","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6bc0a5ba-b541-50c5-81bc-638d9f0f5ccd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5032c79-1aa9-526d-bea9-49203c28fdcb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adb49d2d-5dd6-5ee9-a274-e35dabfc9730","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e9a69d3-50b8-5aed-bda8-52a41df0352d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1135f482-7c27-53f9-9ea7-a62ebaccda8a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2fd05ba-61f7-54bf-bba1-ea4a31296300","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d24e110a-9ce8-537a-9358-77dc00377d02","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--108b4f2d-c18d-52d7-b6dc-a619cb419271","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--455d20a6-abcf-583a-ae87-b12106c4d357","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f3a4ab2-746a-5909-b1af-fe778242c867","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d86bd32-6e03-5624-a358-a22bd8878c86","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b0c0cd6-ff22-505c-8fe0-bb350c4ab027","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bd65319-1e04-5e1b-968b-13cda3fc6cdc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31bd6372-f366-54b9-a82e-7ab29c06590c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine96s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine96s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43c86058-4572-54e0-b1a0-890b1539b9c0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine96s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine96s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c9f1588-6c38-57f2-99bf-c258e6c14477","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4886ff4a-0d7f-59b5-ad5d-81876faa045c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f523baa-c071-58a8-ab22-17a35af1eb39","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a67a2e1e-56ca-55de-86ad-20c057cb8d92","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b4d7ce3-6f29-5475-8184-461fd9b41c93","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f657c7f0-236e-5d2d-a1e3-3dab80755ac0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad3b4d0f-4d58-50a9-bc7a-532fe00fc5e9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine76s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine76s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--32148218-39f6-5e40-8652-7d8d7e001aba","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine76s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine76s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b2ba02d-d001-5bb0-82a3-cb084e35cefe","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--588295f2-ed20-5f58-b092-73445948eb46","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e643a68b-e0ed-5950-a30b-2b13b13a9d3f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a92117ca-9777-5322-902e-2b3f2ef993fe","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6685ad5a-dafa-5938-9226-713dea4a8940","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18402555-be9a-5249-8851-79290bce35bb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e0fcb45-11a7-52ed-a872-405c16a30bcb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--06cb1be0-6f5c-5ed2-a734-af88db1b0fef","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa26bba4-8b65-5925-9bcb-17e014c6d772","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d4b2b5b-8c61-5e13-85dc-87f1c144b06f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fedae129-9ccc-5985-b599-e37ac441a6e5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine78s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine78s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--030d682d-23df-526f-9f62-4b1ed3cec096","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine78s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine78s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b23b0a0-64ce-54be-8cc5-08f1cc62a402","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine41s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine41s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1ba3821-719f-572d-9a83-c40c511cb248","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine41s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine41s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b12c5013-e033-53f3-91a0-39bc87559ebf","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fill50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fill50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e435742c-6db3-566a-bf2f-d22fb24ab83f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fill50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fill50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b75ed26-b14e-53d4-8a7f-b225cd0bb382","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"com-accountsverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'com-accountsverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7740424f-b329-59eb-9f8d-b870b9eb36eb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://com-accountsverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://com-accountsverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61e95a77-e93c-5b03-beff-c55eed9d9c69","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"mexc.com-accountsverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mexc.com-accountsverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8297f6c5-e218-5788-99c2-711bad5da13d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://mexc.com-accountsverify.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mexc.com-accountsverify.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75bec82f-366b-54be-83db-c3cb99575d5f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fill29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fill29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--501cac21-2f6c-577b-8faa-32a7203e41ff","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fill29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fill29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ae43f0f-4fbf-553a-aa2c-9af9704f7978","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fill7s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fill7s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53cac76c-45fd-55a2-bd53-ed7bce4d4549","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fill7s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fill7s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7067f96c-576e-54f4-9f00-59f37d1d3ba7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39e0be18-d4cf-58ad-9107-046a4dfe69af","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c74335f-45c1-541d-b9b8-1c683b2b2206","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69563ef6-b307-5c28-a431-ffa7c3f68fa8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44b42cf9-957c-559d-ba4e-d03674091f6c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fine9s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fine9s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99cf9ae5-e797-5f5d-b23e-fb8c5b03eb41","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fine9s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fine9s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82c52a9d-67dd-58aa-811d-f60bf54d3a82","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find30s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find30s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c120927-5fe3-5b13-aeb3-430e21313b4f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find30s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find30s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fcfc1672-26d8-5699-a235-cb3b377ea393","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8002ed8a-4468-58a3-a170-e5f7ed1fe917","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64565cab-42b5-5413-84d9-c8ede3a90778","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9902ff48-3e0f-5020-bd0f-37187641b980","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c69d829-42b9-5e4e-b8c4-3e2a2bee5390","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--452ede3b-ed0e-5a17-a108-5012d511d9dd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--957a1639-2b14-5560-87cd-91526086b4b4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc5c758a-d18a-56ef-b3e9-0a1822420c62","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b2e3213-59e8-50a7-9220-6fa84f413462","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f713fec1-bd1a-57b8-b3b4-97adee750ebf","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a9043a2-6ed3-5cbf-89f2-14f14d0b2d50","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"find42s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'find42s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--477e9206-f625-53db-80a3-3d863792225b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://find42s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://find42s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c69c7e53-8f15-58db-8399-43b070829d87","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"elecviews92.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'elecviews92.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--96a31419-0371-5806-9cf3-c9fceaf88496","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://elecviews92.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://elecviews92.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc60df8b-6b41-5775-9ae2-811e3ee8a5b9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"base2s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'base2s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8547654-9e61-5adf-bd02-4412942b6a04","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://base2s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://base2s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e15c9f04-c092-5e1d-b7e1-060d28b94acb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"base24s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'base24s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4efe6d59-11ec-5a8b-a811-676ea83e688f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://base24s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://base24s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a93ab7ad-d741-5ade-a05f-0e1b6b3528f3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c9d78b4-a786-5c57-8214-c25924c65a26","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--866a7bc3-eef5-5be6-bee3-32300543470f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch39s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch39s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b81db72d-8d5e-5dbd-93dc-24a6c06a2044","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch39s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch39s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--227a94e5-34bf-5fb9-96c3-0203df050d3b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dddea4fe-1b55-5809-9684-2441ad1be4e0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--851aba52-4984-5a32-be65-5c3f40eb7741","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10ae22e7-3b8c-552a-9409-635afb1acaa8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fe95672-43fd-542e-9ad7-c7cbfece0825","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b174708b-e73a-5e7d-ab5f-f0aca5ec3dfc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch81s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch81s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--13cbca77-4115-5876-96cf-8d9ea97e16ec","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--caeec101-52d6-5631-a519-1a3ac8269b01","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e922493-522d-5cf2-a94a-e99f41ad741a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e3c8f2e-6e76-5aa4-9a96-09f251d8c558","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f994b1f-c257-5877-a2e7-afc76fc74e18","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch40s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch40s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a59caf5b-3f0d-528c-a512-ae4c35ab95e8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch40s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch40s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb18427a-1cbf-5c91-b545-b54f7ed41470","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9ffdc8e-b081-5072-b556-8f0d2f924ead","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6a7ad11-41e0-553c-89dd-a25b1d6a9800","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"poll87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'poll87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33128c17-8761-59bc-bb71-c039d2845f01","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://poll87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://poll87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c946196b-4373-5a20-a809-7ffc69385f17","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"elecviews27.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'elecviews27.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64734869-1aef-59c2-8ead-80d3656fc081","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://elecviews27.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://elecviews27.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f01da079-cbca-575c-931a-f1432739ad61","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"elecviews52.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'elecviews52.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e059b5e-62f2-5927-82cc-15adeeda8d01","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://elecviews52.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://elecviews52.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c52623a0-0d06-5503-b325-4d8db89df2e8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"elecviews20.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'elecviews20.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92574b51-7e39-5f41-8f7c-750e3d7d3a36","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://elecviews20.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://elecviews20.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abd2bfdd-33fc-5c4f-ac98-f87346f29b1c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"elecviews78.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'elecviews78.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eddb2501-0b32-5656-8237-c5ae74a6ee75","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://elecviews78.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://elecviews78.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--503be347-d2b5-55c1-88ae-14dab0d94546","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bfa461a-f603-5548-b286-f1e28887452c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch53s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch53s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bacdba55-0253-5ca6-b690-2d4d19386de5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch41s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch41s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--979e53bc-6922-5f0c-8fca-3f948ed0cc57","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch41s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch41s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59f2af5e-23a0-5a95-b105-148b7fde15d9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5674a7e-edb4-521c-97b6-ea9d45153595","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a995dba-0616-5aea-b4e0-2d2dd8accfc7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65226566-7054-5882-9537-20284e332324","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e46d386f-55b8-55e3-8216-8e4c089b90e5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--87b675e9-cdf8-5b7f-809d-5f048d8530bd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a447f340-ae22-50ea-95c4-cc5ccf4d45e8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch31s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch31s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d66b862-9135-5c8b-86a8-ae766c15435a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch31s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch31s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fbf7af4-3ecc-56f9-8c4b-737083b71a3c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--895d3c04-fc01-5878-ae3f-629f469326bc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70d0879d-f9cb-5d8d-8007-51d0a9c9ee5c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch60s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch60s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4edbb2bb-792d-5b31-b59d-32029c2abe23","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch60s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch60s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb3640b7-44dc-5879-a0fc-093b573db5b9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f18b9b43-3f5d-567b-921d-f7a82132b329","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch48s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch48s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78345308-0a0c-509c-98ff-ce9a7fb4185f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0da6d47c-7a52-51fe-aab4-1b95efeb6598","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cbdea9d-c57a-56b9-b309-85bda83806d9","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5ea4a12-6bcb-5bb5-b827-9bd0ea5a98fb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65423a63-fba5-5d30-b24a-f34c0649d301","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4ca01d5f-2377-50e1-945f-c8acfe525cf2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a805ee2b-d349-5f86-be17-dfa90ee77593","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch55s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch55s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d25b1a63-be7c-5baf-bcde-b3cfcba22ebc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch55s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch55s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d56ba182-6f15-5ade-9a49-75f9f4e23442","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch46s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch46s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b020c6d-34a0-59f9-a115-ef3604c62539","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch46s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch46s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fdf3a032-6c74-5804-9eb7-b5ec1c67e6c6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6468af9-de6c-5cdb-abba-296c1beb064b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b479d50-000b-5c5a-9aef-10a9fec4f46e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d44131a-7add-5099-9fd6-df843366659b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch61s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch61s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--388ce28d-4d02-5c97-8edf-0ef652cd1279","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch43s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch43s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8cc902c0-537f-5f0d-81d4-da5ae193e6ff","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch43s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch43s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df56a478-cd4b-57e5-af57-0e0f9ec5e1f5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c36c324-0925-5dc5-8a18-78d9dd32cfa8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66801eb9-c8c3-57ce-bb2b-10ac417cf86e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch58s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch58s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f177b29e-cbf5-5c4c-b380-5c2960848c38","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch58s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch58s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12dffb8e-5116-5c91-99cc-1b425a4d09cf","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fbf1af6-c0f2-5f45-b9ed-4d94f436452c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7eb15ef0-2801-5c98-838f-44a72ef604a8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch97s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch97s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2dab5d85-2aaf-5a70-9397-a4e8c7aec6a5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch97s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch97s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04b9e877-1232-5702-9628-cd6e133fd1f6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch54s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch54s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--021460c6-85b7-5c74-9116-12ef5e33c0a8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch54s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch54s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b30f248-77b0-54f4-8bd8-dbb17e8dc895","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40cd8f7d-dffd-5e6e-b6a6-e2ae3a8e1037","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f01f8674-78ad-56d9-8023-0a263f05a941","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch63s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch63s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--09721b42-f725-5e46-9821-145e7b886d83","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch63s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch63s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa0c3a92-e77e-5de2-ae8e-0fac3ee2ee85","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0c92ee6-88d4-55db-b8e6-4611b3f671df","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b282ff5-3e95-5f39-907e-30f85bc28376","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c02bf087-4334-53b0-b349-78904b959e0b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch93s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch93s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7946b148-da53-50a9-b0c7-312a79495d9c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch78s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch78s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--653fb823-f701-559d-b685-aeea84c07252","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch78s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch78s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--009c77c7-f5fd-5723-910a-d1b1d0e538b8","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d4a2eed-d87d-52a1-94d2-980cd0b4b5d4","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d839ab8b-248f-5b6c-844c-a6876c1a3020","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch71s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch71s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d107d446-44d4-562f-8902-8e7ff81efbfc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch71s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch71s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a37ee6d-9960-5d19-b42c-7d60607dd995","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--705e700f-72d2-5cdc-b665-9f100d9c4c0e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23b952cd-ccea-55b7-9d76-617bd082114f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--124d83d0-e728-5051-9a2b-371d5823e86d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e2c14f6-5de4-5039-b79f-c62c8403b7c1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch76s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch76s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--964f957e-40e6-5180-93c9-982544c33113","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch76s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch76s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--521748c8-6af7-5a22-bfe0-afe7f5297306","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61fc5dcb-47bb-50cb-9518-e2081bae1c49","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6eebf22f-6111-59e6-9ba3-086bea1ee2a3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eac585e4-a67c-5462-aee0-974080e4e539","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch70s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch70s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfbc9ea0-b540-5f6f-9b0a-6661dd7e7a54","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch66s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch66s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--afd3c114-c837-5c74-ae6f-d1f19905ad60","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch66s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch66s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b48b3c3b-2935-559b-b782-9b63846cf100","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1fbba96-c325-5afb-842b-072246d0d552","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1344bd33-0a6e-5633-ad41-adb071929409","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch67s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch67s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e358974-5b1f-5b86-8450-cd9cecb3028a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch67s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch67s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d979246b-9b07-528f-bf73-643468c5cf1c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch1s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch1s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--054c698b-8796-5566-84f9-299b888b3b72","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch1s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch1s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af6401d3-42ca-596c-804a-ec8fcb8920ad","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch64s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch64s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0743b0bd-619d-5d86-8535-f34e77db7110","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch64s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch64s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b75e7f0-12c7-5c20-9ee4-e85952e61b28","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24120b56-c054-5489-8f92-ee16f3485164","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3821b8f2-1443-509c-a20c-e8543be55674","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch2s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch2s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8759fed8-bfbb-5cce-9954-500ea427fffd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch2s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch2s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052818521093034401"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99be7dce-b094-5ac1-9c57-e95706de03a5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch4s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch4s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43b4b82b-e61c-587c-b0b3-d60fafdef33b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch4s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch4s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48cd0810-4a45-52f3-908c-48a4b04c7c19","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--440cf056-eee0-5924-a278-948d4bd7bcb2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--662e57de-9ec2-53c5-859f-f5b5996a3174","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch34s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch34s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0776a435-5a6a-563b-a310-8b794bb86655","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch34s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch34s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--54c768c7-a74b-5792-843a-5c93f27cea04","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eea26c58-a141-566b-ace3-a78b1ac0ea6c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch59s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch59s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e39f8183-1117-5abd-8815-9c6ff34a7095","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adeaf928-6f05-5972-8955-c55b8dbad1dc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ab837683-a588-573c-89ee-f7b2d616a0bb","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch5s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch5s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f80668c-08c1-5847-b0c9-4eca1d0ae1db","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch5s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch5s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--987b3bc3-3671-505c-a148-9f9c41e6a478","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch8s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch8s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6217302c-08c3-58b5-8b34-a6285b5da033","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch8s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch8s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d57a8e19-3d9d-502b-9bd8-5be281bb769c","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d60a85b4-edaa-5ae5-9c81-59a11d3ecc5e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--daa56012-21c9-5dd1-9bd2-09f1f7205c35","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e12f5c8b-98b0-56b1-b614-e444cc2bb039","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7ef76f1-390e-5c91-84c7-95545294ee68","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00e65c88-1f16-5f69-9a11-f30715b14ace","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e3de584-aa50-5e57-ab89-d5266d974aec","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c219376f-675f-5de1-9c9c-a9c582b472be","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b535ee54-1134-5ecb-b141-c6061393e5f3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4aa70795-5f3e-55d7-b453-22bb45750221","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2959b4b3-a38b-5577-912d-b8bf707bdc7b","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67ccac5d-d55b-5b85-89ca-9e37b46e6d34","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ba0236f-c246-57c3-8c1a-1ddf21910ff1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch15s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch15s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61cc49cb-6f20-5bec-b594-f93b142de6be","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch15s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch15s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ca84f7e-336b-5580-99d5-ef9d43bf5439","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89b38a74-eef5-541c-8be4-29fb921b92ae","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36b1b375-fb49-5800-9ab5-ac5ff5463e0d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85cb1af8-f3c6-5faf-926e-17b7d5c8b699","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0129ba80-d069-5f90-b23c-60f7c828b137","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch6s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch6s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac905d14-24c7-52eb-88b7-06fb88cf5cb3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch6s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch6s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c725c5a1-cfbf-5717-84aa-49e4bef3d4bc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f36d4986-eba0-56cc-bbff-783736133ac5","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71a87627-dd73-55aa-aed6-d7f6f5f47435","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch14s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch14s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c84eabd0-1de0-556a-baa6-4dc745a1e0c0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch14s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch14s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0509f06a-0bcf-5f7f-923a-0ddef8f19ef6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch30s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch30s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3d5bc6f-453e-5932-b908-0ec659446af1","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch30s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch30s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c90c431-4a3e-5e72-988b-d886390e0993","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch74s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch74s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f291d6cd-766e-5d8c-a266-7d4627582cbc","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch74s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch74s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4893cc43-5c79-5363-88e7-a51215da672d","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b52c6b3c-53b6-557c-a77f-0f536c400b39","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45f1f011-8435-5247-b821-ad58cff37200","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a73b27aa-2c1b-5e05-b3a2-3867b24f16c2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ea9e1c6-49e5-552e-9533-3ecdb0482369","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch42s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch42s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51c26a14-9327-5132-ba5d-2a884871abc7","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch42s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch42s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eec5198a-e710-5fd3-bb49-a3b593d34940","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8789863d-cde6-5664-9512-ec2b1519006f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08f9ada9-b27d-56ad-a4c7-49aea8f6143a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch9s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch9s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ecd33d76-8206-5eba-8981-28b43a8bfc51","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch9s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch9s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec8fad7a-b37a-517e-929e-faeaf929dae6","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fed701f0-25c3-5fd2-8b56-434319f2d6e3","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cd75556-dd15-5c19-a06c-d34cf20602c2","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3ca5b81-d36f-5c39-b2fd-26c5208681c0","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e22fdb3a-5a1f-54a1-ab9c-faf55624c963","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6ed070c-644e-5980-bcab-02e44cad405f","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64155232-eeeb-5fad-912a-476d9bbfca8e","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"fetch16s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fetch16s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86494cb5-3f06-5e10-9a3c-b7052b478e90","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://fetch16s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fetch16s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--567a68b3-9eab-5d5d-b799-bec68c0751dd","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"try45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'try45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9037756e-f5f8-50e4-90e9-7c2c52369e3a","created":"2026-05-08T18:30:00.000Z","modified":"2026-05-08T18:30:00.000Z","valid_from":"2026-05-08T18:30:00.000Z","name":"http://try45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://try45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2036427645370441731"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cf2758f-0de8-5143-9098-1b8b28af1fe0","created":"2026-05-08T19:05:00.000Z","modified":"2026-05-08T19:05:00.000Z","valid_from":"2026-05-08T19:05:00.000Z","name":"dee823048e88af86ae251242ce0de3cc","description":"IOC reported by @ReBensk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'dee823048e88af86ae251242ce0de3cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ReBensk/status/2052827129709285777"}],"labels":["Android","Trojan","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--585f1847-a97b-5fb0-9a88-fa815fdfb492","created":"2026-05-08T19:26:00.000Z","modified":"2026-05-08T19:26:00.000Z","valid_from":"2026-05-08T19:26:00.000Z","name":"Kingdommarket.live","description":"IOC reported by @DarkWebInformer on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Kingdommarket.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/DarkWebInformer/status/2052832612121444580"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3626930e-710f-560d-be36-99e0f3084e17","created":"2026-05-08T19:26:00.000Z","modified":"2026-05-08T19:26:00.000Z","valid_from":"2026-05-08T19:26:00.000Z","name":"http://Kingdommarket.live","description":"IOC reported by @DarkWebInformer on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Kingdommarket.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/DarkWebInformer/status/2052832612121444580"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--60c163c0-d1b5-5436-93be-44071dc9d7d0","created":"2026-05-08T19:26:00.000Z","modified":"2026-05-08T19:26:00.000Z","valid_from":"2026-05-08T19:26:00.000Z","name":"Kingdommarket.so","description":"IOC reported by @DarkWebInformer on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Kingdommarket.so']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/DarkWebInformer/status/2052832612121444580"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ec8a805-0b11-57b7-ba4a-eb1c34c7ce5c","created":"2026-05-08T19:26:00.000Z","modified":"2026-05-08T19:26:00.000Z","valid_from":"2026-05-08T19:26:00.000Z","name":"http://Kingdommarket.so","description":"IOC reported by @DarkWebInformer on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Kingdommarket.so']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/DarkWebInformer/status/2052832612121444580"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ddcea50d-8353-5e6e-b6b6-155602a20593","created":"2026-05-08T20:00:00.000Z","modified":"2026-05-08T20:00:00.000Z","valid_from":"2026-05-08T20:00:00.000Z","name":"competent-franklin-c73842.netlify.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'competent-franklin-c73842.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052841003510268367"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b74ea3a-1c91-5809-903d-847c5c02f851","created":"2026-05-08T20:00:00.000Z","modified":"2026-05-08T20:00:00.000Z","valid_from":"2026-05-08T20:00:00.000Z","name":"https://competent-franklin-c73842.netlify.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://competent-franklin-c73842.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052841003510268367"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c93e0f9c-2667-5a66-83c6-47cba57992b2","created":"2026-05-08T20:08:00.000Z","modified":"2026-05-08T20:08:00.000Z","valid_from":"2026-05-08T20:08:00.000Z","name":"01914660a0d11ef40e0d4bb43dad84716a9ac859097d73bfd15d66bab8f33b7d","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '01914660a0d11ef40e0d4bb43dad84716a9ac859097d73bfd15d66bab8f33b7d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2052843116642660718"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1a33863-40d8-5617-b41f-ef05bcc2ec97","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"pw3a.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pw3a.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8dc359ba-b25c-5387-a203-eaa5bc1f5c7a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://pw3a.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pw3a.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57790b38-dab4-57c9-8a83-3cceef5bd438","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"dkjtxz.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dkjtxz.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1248d76c-0106-52a3-9169-44aa2aea4959","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://dkjtxz.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dkjtxz.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b6680e6-58e9-5515-b71c-f91ba710b6b8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"v1till.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'v1till.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a86afccd-5646-5544-8973-89f62910276e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://v1till.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://v1till.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f21761de-7b8a-54a2-9457-3ca2e240b3ff","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"eofmfd.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eofmfd.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3583ef47-1b29-5dbb-a32d-a47b329fe6af","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://eofmfd.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eofmfd.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8cae035e-098e-5b6f-9da0-11a6400d4769","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"elnmgi.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'elnmgi.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00e12071-919a-5f89-befb-be411bf355c7","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://elnmgi.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://elnmgi.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77403790-6121-5dbb-9d95-fa31285e61b3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"fgxlo.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fgxlo.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff1579c8-7da7-5aa5-83b8-2e8327c7de4e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://fgxlo.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fgxlo.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61f13b40-fd9b-5001-98db-41dc319fa3ef","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"rpxqf.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rpxqf.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--578cb53b-6ad4-5716-8b31-63d053cdb605","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://rpxqf.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rpxqf.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c39c0f2c-36ac-5bb2-abb3-591477f0e645","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a8f5c16-06bd-5696-869b-c26f52b2c538","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85e99a67-8c80-5ea1-9d18-eb92de9079d9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"6genq.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '6genq.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8553c7b1-f3d0-51f3-8fc5-028922e77a3e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://6genq.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://6genq.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f355ad82-4af3-53d9-8a30-c76517f797a5","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"b1pog1.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'b1pog1.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--940d05f7-06a8-5e2c-ad3e-1107d778b665","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://b1pog1.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://b1pog1.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0da769a6-3c2a-5e37-8599-f2617cde4cef","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"5d4c.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '5d4c.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b088e366-fcbb-5f73-8ea6-a608a7f69167","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://5d4c.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://5d4c.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1725fce8-4757-5810-bf64-c54cc30189ba","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"2mcwf4.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '2mcwf4.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c29ae646-f57a-524a-8c08-fbbb5aa86f19","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://2mcwf4.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://2mcwf4.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c656d7f9-5328-5400-8a2b-63e23ab1a20b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"0fo6.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '0fo6.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--408254e4-f1d2-5bc3-abb9-8bfb7e84f385","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://0fo6.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://0fo6.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86fdcc0d-47f0-500f-a24e-d07ed729b5fc","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"gd77q.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gd77q.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59e6aef2-6fbb-5d01-839e-e01986614d75","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://gd77q.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gd77q.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43989dc9-2dd8-50e8-8d8a-17ae7bc4cd4d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"jj7wwn.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jj7wwn.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f37fec2b-eaba-5888-b263-d111dc19a57c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://jj7wwn.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jj7wwn.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98efedf6-b26b-53c6-b0f3-2e205f4b348b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"a26ma2.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'a26ma2.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3c023bf-4d66-59ee-9e60-057281b847eb","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://a26ma2.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://a26ma2.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2be22d6-7f2d-553d-96b4-e8892d1badab","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"7l86v.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '7l86v.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--808ba0e1-cf03-5440-8389-2f2674e6aab0","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://7l86v.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://7l86v.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb0d1820-a9d8-5cdf-8ba4-0b2a159f68a4","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"m8lprz.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'm8lprz.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d5e3edd-994a-5189-a537-7d68b5ad834d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://m8lprz.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://m8lprz.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cbe3c288-62f8-5e90-b642-3253738cb9d8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"67k57k.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '67k57k.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf4c22ce-94fb-50a5-a96f-1448a8312da3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://67k57k.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://67k57k.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c43828b9-81b0-549e-b91c-ea8182f3df32","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"r3zq3.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'r3zq3.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f8b009b-bdf2-5767-8365-865494f63dfc","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://r3zq3.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r3zq3.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17917dee-f614-56f4-a9f2-df35b43ce552","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"urdme.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'urdme.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e304e97-8609-5028-af3f-6d321db73c60","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://urdme.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://urdme.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f995d45b-dbdf-5c8c-bf02-f8b64eb34f57","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"f85dt4.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'f85dt4.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e45b57c8-909a-5713-b6d4-17063356caa7","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://f85dt4.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://f85dt4.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd2874e9-2b15-57ed-ba13-6733710623d6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"240np1.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '240np1.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--283d3f6e-6e41-5be8-bc6c-fa72c2d35a8a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://240np1.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://240np1.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a49f9792-760a-57ec-b570-42c5e61cc88e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"gpw354.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gpw354.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--178a876a-a466-5641-97e7-28416f4cd50c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://gpw354.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gpw354.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd99fe9c-5b3b-5152-99c1-077a08a7aefe","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"o37lxe.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'o37lxe.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7d27a21-5511-57a7-9749-a8e9e51f105c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://o37lxe.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://o37lxe.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc381637-0c15-5a8c-ba99-7ab176689e78","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"p1zzbr.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'p1zzbr.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--edf1fad9-ffee-578d-b785-46432ea3aa0f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://p1zzbr.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p1zzbr.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccdbf79e-71ea-558b-b9f2-2051ba99117f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"kwcg3.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kwcg3.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a8919f8f-9907-54e8-aff1-5dcebae4f587","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://kwcg3.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kwcg3.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eca1aee9-de2e-5ee0-9c8b-044f84cf0b5f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"7d05.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '7d05.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--193b1a43-4729-551d-9185-9305997e9ab2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://7d05.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://7d05.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e1f9739-8306-5188-a142-cde896753d13","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"u2pi0z.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'u2pi0z.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83d91de0-64c1-55ad-be68-d41bcf4359ec","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://u2pi0z.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u2pi0z.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f781bfc3-91dc-5ea2-a4fa-002a5bf95473","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"vxmmzr.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vxmmzr.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e377d692-1dca-546b-b7fb-15b779636778","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://vxmmzr.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vxmmzr.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef0c8c53-2b0f-5354-99ae-949827689522","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bckgp.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bckgp.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dca65f3c-ba47-59a7-92fb-3b28bf0b3a08","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bckgp.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bckgp.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aba9b2d6-d040-5362-a71d-53ae7c2a9925","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"rqatu.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rqatu.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e92790b6-9d1b-5db2-8434-a068519cfeee","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://rqatu.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rqatu.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd5c3120-5fb2-58aa-a885-3bb2895100d1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"4t79.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '4t79.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77dbcf22-4c58-5d32-b5a8-bbdc58f1a627","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://4t79.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://4t79.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b94d2c1f-4d05-5b84-9d83-303ea5bd14eb","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"j527k.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j527k.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0609c39b-d945-595b-baae-defa32662609","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://j527k.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j527k.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68943b21-76c8-5044-ae86-2f144aed9899","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ri1unj.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ri1unj.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db73b2a0-e430-5ee3-a829-ee418577eb51","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ri1unj.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ri1unj.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--73e4541c-7a68-5a88-bc81-c818ccde3139","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"k2448.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'k2448.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5de186bf-1d70-52be-a393-631f2575a2dd","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://k2448.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://k2448.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a77c4639-5799-5da6-9b6e-5d6fd17fb385","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"90d2vi.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '90d2vi.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--456df2cb-35dc-512f-87b1-e7c1d29bb6e3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://90d2vi.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://90d2vi.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6947d52a-06de-5f40-823c-3b418c787553","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"z1kvz8.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'z1kvz8.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b695e89a-4f7c-50fb-87bd-bf4d283e14d8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://z1kvz8.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://z1kvz8.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c7d0767-665f-5653-8cb5-fde039991a2d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"rui.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rui.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6735a761-cae5-5624-b3af-ef567d8086cb","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://rui.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rui.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a962544-c74f-5765-be5b-c468d3e7c082","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"olw80.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'olw80.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cae499b-18fa-5e14-9385-f03c6c5ed864","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://olw80.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://olw80.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77fb4fc7-d695-59b9-b0ea-9ba077058fd2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"rjle.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rjle.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce294b59-7415-5b4a-8f70-436c83d3aa83","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://rjle.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rjle.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eaf261d3-8cc3-5e12-b767-85a3d6853e7f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"nejdfr.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nejdfr.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a664a06e-c7d2-5d5d-8109-139ae77dd69e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://nejdfr.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nejdfr.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e8e9d56-a1c1-5b7a-87c1-2be2b7aaa7fa","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"nxaf.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nxaf.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--010b3ada-8cbc-5b4d-984a-68419a4a1441","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://nxaf.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nxaf.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d6bfe95-7e73-5103-b5f5-621b8fa320ad","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"xj06mt.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xj06mt.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5cdc053-a0e4-52da-b693-4314c32709ae","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://xj06mt.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xj06mt.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a23e01f8-fc7d-59b5-bb8d-ade8052f9717","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"8g7uoz.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '8g7uoz.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6603d17d-fff1-5570-8afe-26f6f8cc6d1e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://8g7uoz.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8g7uoz.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3782d882-23cb-5f40-b14f-d3445016da2a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"koiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'koiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a7e8615-86fb-5c92-82b6-248bff7e0099","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://koiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://koiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a562427-22e0-537c-a637-0b0bb4b74f54","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"gbd6n.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gbd6n.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--893329e5-42de-5f03-a5f4-4fc7bbaaf689","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://gbd6n.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gbd6n.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84037c91-04a4-58ab-a6eb-3bff8e2ae323","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"lzmjv.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lzmjv.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15f19a98-1738-52a5-995f-0a18aa21ece6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://lzmjv.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lzmjv.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e78faff5-d6da-5e01-9223-8c9095b7a34c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"axpi6z.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'axpi6z.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7250824-1ea1-5d40-8d5b-f17243badbb5","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://axpi6z.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://axpi6z.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f946edfa-3deb-59bd-8384-4de1bf0f2a5d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f414557c-7c25-5140-a47e-5806cf3f989c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11e39f96-7527-54f5-9a10-daa6dda8e890","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"jd04fu.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jd04fu.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a37e1c1-7a22-57be-bcf7-96f37a188e01","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://jd04fu.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jd04fu.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0dafd092-c126-5ff2-845a-6dbaa83a6034","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"08q5.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '08q5.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ade77b4-30ea-5a83-8cff-13cd9a7ff2be","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://08q5.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://08q5.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64b60b46-701c-5900-9d51-8916d4ac5a70","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"5971i.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '5971i.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8721ed9b-9c80-571d-9c02-4f4638426db9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://5971i.ewqtgf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://5971i.ewqtgf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6042d5f-cfcd-510c-a365-2f9bbfd07a6e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"vji71d.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vji71d.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e966dd56-ab2c-5487-8cfe-26863098a528","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://vji71d.sdwnsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://vji71d.sdwnsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9421d819-2d07-5a9c-b8aa-17a67198e73a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"jmpdats.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmpdats.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e82c4832-76cd-5b38-8821-141f8d915ebf","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://jmpdats.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmpdats.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72869e8b-f9c1-5ef2-adb1-6f435426a52f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.jmpdats.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.jmpdats.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--636a7b68-0c8d-5005-8eca-6a582e39b5a5","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.jmpdats.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.jmpdats.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5185c4fe-1b2f-568c-b051-fffa43d5baa6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.domanse.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.domanse.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--938c5dcb-4cd0-5a56-bfc1-29c020bfc725","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.domanse.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.domanse.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64270551-063d-526f-9440-bb984acf50f1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"coimusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'coimusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0aa6cbff-4d21-5e02-b31e-d39416f800bf","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://coimusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://coimusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d86d26f0-994d-5d97-97fc-ba9c00ecd493","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ninusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ninusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8022ba9-eebb-5f3d-b116-21a7abc7508c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ninusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ninusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b97ff35b-cb93-5127-a75e-9aebf15053a1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bbusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bbusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6982d95-7981-5d56-9b62-866c3977f343","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bbusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bbusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45ce04a2-ddcc-55a7-a5c0-04fe9b73a7ff","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btciusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btciusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee15f466-99b3-5bc3-b9ba-74a42e476f23","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btciusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btciusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9335a309-84ca-51fd-b767-71e23414b261","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"alamo-s.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'alamo-s.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4aa381e3-51b9-5d53-a687-00d0eadde4e8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://alamo-s.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://alamo-s.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62405ab8-b4c8-5ef0-8dd0-4d391db19456","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"alam-os.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'alam-os.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--339c8c4d-4243-5d89-87cc-e0d6e726e64d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://alam-os.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://alam-os.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7019d243-e4fe-5616-b16a-2d46645ef5e0","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ee1f1a0-4df3-5d99-a5f3-cf7b79907a80","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb877fc5-0ec5-5461-b0c9-c1c9bf738898","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a836c46-fcfa-5a80-96cc-ec970e19f0c1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6dcd0b7-f368-5350-8c87-c546561e6bf8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ccusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ccusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a877c95b-bf5d-5000-8c25-53d888aaa03c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ccusdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ccusdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--706426c8-af9b-5b24-a525-f2d6fd932cd5","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ciousdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ciousdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1521f85-5b54-54eb-b057-477a0c4275f6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ciousdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ciousdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5399d4f0-a884-5d69-918b-a05647c8eea9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"mousdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mousdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--efa3f446-37c2-57d2-ad64-6859a06365ad","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://mousdt.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mousdt.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6fc3d25-fbce-5b9f-aa59-28550f5a66c5","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binanceo6.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binanceo6.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08889670-5e8c-5af9-94ec-72db7aed85e1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binanceo6.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binanceo6.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--289f90df-2aec-5ab0-a147-12cb67516b56","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binancen4.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binancen4.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3121fef0-343a-5751-a4cf-ccf090069c86","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binancen4.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binancen4.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3683ceee-0231-50f2-9376-eb508e6e1403","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binancee2.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binancee2.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bd2d9df-cc76-54c3-966a-79fa54beb2b0","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binancee2.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binancee2.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--afa1d972-7720-5e74-ac22-bb12a7af7fdd","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binancez5.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binancez5.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb0ab496-7049-5032-98e7-35e381c75d12","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binancez5.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binancez5.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc2b1339-3859-5b36-a517-6db776b0c31e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binaccem8.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binaccem8.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7db68d93-cc67-5927-8c45-9ceb1785ea3b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binaccem8.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binaccem8.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0d781de-4473-581e-9424-f4d36be0d632","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binancev7.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binancev7.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75b69db8-3b7b-526e-9da2-41fd9a08b66a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binancev7.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binancev7.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bca23fd7-4c42-58ef-9c12-efe45a4047bb","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binaiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binaiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a095e65-2a3d-55fa-814a-ec4a4f160755","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binaiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binaiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8130f280-b186-5e73-8807-64ee99df3213","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"erssegd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'erssegd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58c58c06-c1e2-570b-9ba3-a529eb1393e9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://erssegd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://erssegd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1ae540c-cd0a-5016-be32-097f084b8cf6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.erssegd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.erssegd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88f2ba97-37b4-5788-8f03-b7ee58a94063","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.erssegd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.erssegd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd347e4b-52f5-5569-825e-f7afe1d31a5e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"biiusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'biiusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4fede0b-80a8-575a-b69b-57326bf86990","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://biiusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://biiusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e4f544e-ac63-58d1-8e7f-b6f4deaf213e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"biniusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'biniusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7a054ed-53cf-58db-8e11-eed0fa71d45c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://biniusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://biniusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b078683-7810-5d39-97e4-96132a6ae09d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"biniousdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'biniousdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2daef5b7-8c75-555b-9a01-5b2cc20fbd0b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://biniousdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://biniousdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a58788c-eaee-596b-b0af-03212c418d60","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybousdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybousdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f9fcf64-2cbf-5d6b-a943-be0d0fed5fde","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybousdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybousdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0bd79947-19a0-5bf0-8e9f-6835fea8d356","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybsusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybsusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16319098-ee4c-533d-b29c-b476e3f359fe","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybsusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybsusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdc5f9cf-149f-5c61-b201-a3a781fff8b9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binlusdx.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binlusdx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64b10dd7-3c2a-5847-9d8d-a9eaeec305ee","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binlusdx.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binlusdx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa1fda29-f54d-5435-88f6-f5edd3b79e45","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bintlxusdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bintlxusdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--287c64fd-d8ed-559f-b7cc-968a950c032c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bintlxusdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bintlxusdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d66179bb-3670-574e-95f3-24eed505b147","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binxusdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binxusdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90ce7384-cc4b-556c-a99c-aefd7eaba6d4","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binxusdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binxusdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bc999a6-458d-5d08-af90-f127c495b4a9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"xinlusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xinlusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6216f552-b24b-51bb-8405-ca2377e87dcd","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://xinlusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xinlusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8da91f49-9815-58ed-b952-93609b29c84c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binccusdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binccusdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21007726-efd9-5983-bbf7-c8b9649f1c09","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binccusdc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binccusdc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff582a8b-6bae-585e-b4fe-c4b83e102479","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"japfc.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'japfc.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75c551a6-a192-5aa7-94ce-97ff5abf4628","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://japfc.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://japfc.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31e03a55-f550-5ff8-a846-9be3705dd06a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.japfc.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.japfc.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6546354e-7185-52fa-840a-23c8a5a38b8a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.japfc.top","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.japfc.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d3a1af2-072a-557f-99c3-4eaff9075619","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybssusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybssusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0f99de0-ffce-53ea-a40a-f70d8db74540","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybssusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybssusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--627940dc-02bb-58f3-b821-0295a42c0d49","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bholos.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bholos.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2439ee78-b409-5476-93b5-488b4a2169d2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bholos.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bholos.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f48c056-8b78-5f90-9fdf-58f33e723289","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bhonso.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bhonso.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2898e6a6-c32f-595b-be2e-232bd87f140f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bhonso.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bhonso.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bbc49db4-53eb-57f4-a24c-e7d8acff74ea","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"prsjmp.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'prsjmp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8349e833-b611-5470-946c-e3234f3fd829","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://prsjmp.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://prsjmp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00d10406-cea9-5fe4-9404-885521ef9f21","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"injmps.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'injmps.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--021a11ce-e140-555f-addc-215f28668db2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://injmps.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://injmps.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8cb42d72-c36c-58bd-accf-a0244d9fbcaa","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ffgydc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ffgydc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0f5e7fd-d9c8-5709-88e8-8e6ab61edeef","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ffgydc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ffgydc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1aa45352-1ab2-54cb-a94c-f3208163c6ae","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ousjms.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ousjms.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9dd6e222-21c4-5aea-9db7-608711ede1b3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ousjms.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ousjms.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--747d8c31-9836-54df-ba05-11db5c527cf2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"jmpwes.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmpwes.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d983f7ee-ab21-519b-b731-fe9b325ad143","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://jmpwes.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmpwes.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a93006d-6dba-5931-ae20-d9428d3ef836","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybaausdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybaausdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5ca164a-fe4a-52af-adf6-d0df524cb826","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybaausdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybaausdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ed82a82-3fe9-5d88-baba-c5474d73a3d3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"osfcsl.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'osfcsl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d472e877-501e-5a66-a897-4e0e57b561a8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://osfcsl.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://osfcsl.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ede502f-d9f3-5915-8100-6c60d540e303","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"deomns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'deomns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf25444f-6030-5306-865c-59d8387db15b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://deomns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://deomns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56321341-01f2-58de-ba14-db702d8b03ae","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binllusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binllusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a11c053-5d03-5810-a5d5-04f23ef0e0cf","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binllusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binllusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89a4f76c-0f3f-5ce8-8aab-a77006638905","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybopusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybopusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f828117f-d313-5aa4-994c-03be2698e541","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybopusd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybopusd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f324b684-1a78-5a9c-9db4-acd32766989b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"dioeue.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dioeue.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b13a5b7-1a01-556f-8a4b-294a9dc6f8b9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://dioeue.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dioeue.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49ea6ac8-4e50-5651-a5ec-44aeacfd22d7","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybiiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybiiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3a05409-d33f-5881-b364-913749cea039","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybiiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybiiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e84c723f-b408-52f1-9b62-d29cf3838b23","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binyyusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binyyusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f31993e9-1edd-5051-93f9-efbcc2300a48","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binyyusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binyyusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--581f05e9-7d70-5a4c-b78c-c1b51db9f2a3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binttusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binttusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d06bcfe2-b92a-5759-b78e-0aeced421316","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binttusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binttusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c97443b7-536f-575d-bde6-4758b2de829f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binvvusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binvvusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85c3a766-1883-57f8-848c-6f5fe85722d8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binvvusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binvvusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdfc6633-fe5c-50af-a527-f098c2442270","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"goixsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'goixsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d598251-2304-5ef7-bbfc-8951a69cbd7f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://goixsd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://goixsd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--002bbfcf-d2f6-5eab-a329-89a552df8753","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"nmiuiu.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmiuiu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de18fb44-68d2-53f6-95a0-d370624120b6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://nmiuiu.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nmiuiu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eea84e10-5ac0-5f51-8671-7fe010234cb1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"douiox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'douiox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d97975ab-fa96-5994-b8fd-4a0e9e9e752c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://douiox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://douiox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e829d1d0-89de-5e75-a852-419129b57fdd","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"koiucd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'koiucd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee599176-6dd6-5c5c-8c88-59ac7de5309b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://koiucd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://koiucd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2705fef2-41e5-5f14-b4be-5b04258a8675","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"cionusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cionusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb751e9-745e-57d0-bf9b-7714decdf2ab","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://cionusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cionusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--419267fa-d8a4-5d8a-8094-4d4163acfccb","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.cionusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.cionusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7b6efaa-04d8-5a27-89ab-266e912a87b6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.cionusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.cionusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db446dda-23dc-532b-8e6b-297c683215a1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"expmns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'expmns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7360ac9-604a-5b37-87dc-ab73b973e314","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://expmns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://expmns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fca59647-9d76-57d3-82fe-f0696e20e22d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.expmns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.expmns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--192e2e50-4d07-57a9-b7d4-19941b38f246","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.expmns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.expmns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e767330e-4800-5fd9-8e6e-f4d064b53083","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"lin-bf8.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lin-bf8.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70e04dcd-2021-5f44-a6f1-99f8383100e1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://lin-bf8.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lin-bf8.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b1112b1-f9de-5c93-a13b-53a2f9075676","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binalusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binalusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8ff4de0-ebfc-5300-9df5-6dd6c2a40a81","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binalusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binalusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64c1990f-2695-5030-ad5a-5bd905d59f72","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"th-binks.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'th-binks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e4b0546-6914-539d-9285-9b081d700ab6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://th-binks.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://th-binks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abfb0635-ae07-5124-a136-830e8d1d0263","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.th-binks.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.th-binks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--754283dc-c1cf-5df6-b8f6-79c3e9c0bad2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.th-binks.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.th-binks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91122aa0-fac7-5c8f-a026-f253f8a4eb48","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.lin-bf8.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.lin-bf8.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52f8d51f-e1be-5862-b1fe-356711c3e011","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.lin-bf8.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.lin-bf8.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39f4d976-a79b-5a04-9478-deb74b23cccb","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.jn-fc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.jn-fc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f3bf5f1-9103-5f5e-989d-16340c182a15","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.jn-fc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.jn-fc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69df96e6-7a34-5f33-94d2-b83b56812ed6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.ttkx-bx.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.ttkx-bx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca154f28-4fb2-53bc-8f47-e694e4bc1f3b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.ttkx-bx.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.ttkx-bx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--945e0755-374c-5afd-bd3e-16c8bd48cda9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"yl-ch.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yl-ch.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bd7ab0d-7f0a-591f-9f3b-4c2d3aaf8396","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://yl-ch.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://yl-ch.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91bcf8be-fa02-5b02-9e9c-c9263cabc21f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binkusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binkusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9042f36f-41e1-5605-83b5-b1f4f43d8ac1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binkusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binkusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99752ee1-96c1-51fa-8121-0feba61a95bb","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ms-crypto.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ms-crypto.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21fa86e7-bec1-5ddb-9439-b6c90316ff5f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ms-crypto.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ms-crypto.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ddba4a2-3882-5026-b33e-a3873d095eae","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ms-stypso.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ms-stypso.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a348c9c1-2aca-50c3-87fd-49f34e5dd027","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ms-stypso.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ms-stypso.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a914c8b-2549-51dd-aba7-fa4facfa9919","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"cio-r.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cio-r.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f648919a-972a-512f-b24d-f006cdb9d533","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://cio-r.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cio-r.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c77e6f20-f999-5aaf-b4f6-04c8ed5fc37e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"cio-a.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cio-a.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8580862-1907-522f-bd09-8def5ecb83f5","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://cio-a.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cio-a.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02428adc-2004-524e-92f0-76e23ce58830","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ttkx-bx.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ttkx-bx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fb13c32-945b-5641-8a7a-1d7e02074a97","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ttkx-bx.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ttkx-bx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e43464f-e2c2-5ed8-895d-d720dd19f03e","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"domanse.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'domanse.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df5e0a10-efc1-5ce8-8fcd-81f33f9dfb38","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://domanse.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://domanse.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04ecb48d-2f69-5c45-b345-159f34a18b60","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4f809b8-b119-5f03-a1ca-0444c6063fe3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29987555-c94d-5545-a4d3-52642e8a1a84","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43e2b47f-b941-5244-a47e-a26b718bbcc7","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae9e57b6-7dbb-5440-b260-65e978dc9b18","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ms-tesf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ms-tesf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c24b3282-e446-5b4d-b88f-f5330b23b495","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ms-tesf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ms-tesf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--586fa203-02af-5a20-b01d-fe6d2b8959dc","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ms-txs.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ms-txs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--729c75f2-2134-5beb-8a62-77caa97f31af","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ms-txs.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ms-txs.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90cce179-40c4-5967-9cd7-55adb25b7781","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"txs-ms.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'txs-ms.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ded7bd62-b638-56b8-8901-f7a2fc6bdd2f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://txs-ms.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://txs-ms.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--255503d0-9ffb-5def-9605-7a7ba28d1385","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"ms-csypro.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ms-csypro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25d4be69-f413-52d6-a3ba-949b0d9e5b66","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://ms-csypro.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ms-csypro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d7ef24c-4c77-5299-8035-13a2479a37ae","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"nec-a.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nec-a.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--394eb4db-da5c-575b-bbf6-db7dcfa50804","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://nec-a.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nec-a.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5323908-50f6-5854-b674-57fce0bb442c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"jn-fc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jn-fc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7388d0c-efe9-50c9-b2ae-c12afd2b8ab9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://jn-fc.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jn-fc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3192f43d-8e5a-5b3b-877e-5ebdada26786","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.ms-crypto.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.ms-crypto.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05fa1020-a12a-550b-9f72-7e032a96f695","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.ms-crypto.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.ms-crypto.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--241e2935-8301-5525-a5ad-488ce81930dc","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"chat.ms-crypto.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chat.ms-crypto.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--730c1e94-cb8e-5a4f-84fe-ed842932e4a6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://chat.ms-crypto.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chat.ms-crypto.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d78e26c-7dd0-54c2-9925-9ae8c8c0c827","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"byblusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'byblusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c3393f1-1996-589c-bed0-abc8145135a8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://byblusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://byblusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4268c53c-4b70-509d-9c20-682a88e732c7","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b9c0be6-c7cc-5049-93fd-6aa17193e290","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybiusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybiusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0e6d229-6c6b-5c5a-9c7a-75ae7d308a78","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bao-fua.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bao-fua.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c05b318-5301-5a9d-87e6-c8caaefef422","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bao-fua.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bao-fua.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--448e1d35-abb6-5704-8b45-86bab1718eda","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaan.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37ce7713-ffd5-5738-b414-6adbe3eb06a0","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaan.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaan.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3e4d28d-97d6-5a97-9112-7273b8aeaa58","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"chat.cionusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chat.cionusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f78dd01-cd86-5f49-9c53-aff2391bada3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://chat.cionusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chat.cionusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c5a554b0-7a14-5676-b14f-13b0efc39452","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaav.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaav.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be048035-ba2e-5952-af19-2ebe7a560328","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaav.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaav.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--988209f4-b6ff-5f73-861c-89770aeb18b3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binvusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binvusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90f4eb7c-74f3-57ba-89bc-11f3469d3a70","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binvusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binvusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2bb602f5-a037-5024-801a-3d02a46e10ff","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binanusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binanusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e93f0796-bbf3-549d-810f-0e4a11fd0562","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binanusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binanusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14b879e5-a057-56a6-945c-65b8f3dd9d7d","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"biniusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'biniusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91967096-a720-5fe4-b3c6-bfceda9f5245","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://biniusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://biniusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7cca81d-c435-5135-9fd6-b2e3d317e330","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bineusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bineusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6006129-fc2d-5d7d-801d-a75a78ba3fd6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bineusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bineusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76727a0b-6c26-5699-9642-3b0de70f6bc9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binbusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binbusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0955669-0a75-57d8-82ee-86c8c6b6ae4c","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binbusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binbusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--54bc2a2a-f241-5a29-af47-607713ba1a40","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.binbusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.binbusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c757f766-fc38-594d-b82d-d7db5da202b8","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.binbusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.binbusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5683230-fc59-5d31-bdd2-2db3e150d2d5","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"api.bineusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.bineusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38cf8272-cbd6-5a57-b5d3-a13ad3f2af50","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://api.bineusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.bineusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--297d6792-e7ea-5244-8e06-28ea436d7c5f","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binmusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binmusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b4da2c9-f792-530f-b7b3-5ca9f23c23a3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binmusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binmusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3ff9dfc-ae26-522e-8919-bcfabb3610fa","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binhusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binhusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a42eae01-1369-554c-a2f7-19199399248a","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binhusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binhusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28b3b100-c10c-55cc-bc03-5d05d6486c77","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binlusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binlusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dfbc1d44-bdb9-5c7b-b105-06114bbf40c9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binlusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binlusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--935d0207-1641-5ca8-85f0-0b11508b44a1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binjusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binjusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--083d6071-b487-56fe-9d2d-956541cefbe9","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binjusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binjusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f745a9a8-fd25-54e1-b4b9-964979face50","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binzusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binzusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ed25b35-6748-537a-8069-e4e182d792ab","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binzusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binzusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a42261db-26dd-554f-b39a-b11b0e1896d1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"binxusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'binxusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--722106ec-fe00-5c91-8941-e21a44449606","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://binxusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://binxusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed68e634-1d84-5a1e-b543-3fbf72807f21","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bybnusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bybnusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f321a83-dcc4-508d-aaf9-38fa7b03e448","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bybnusdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bybnusdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81290409-c1d3-5d56-b380-8d0f3491eb7b","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaax.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaax.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--292a862c-1a25-5fe4-8371-76eb0d495fd1","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaax.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaax.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0355a876-868b-5458-a67f-67d4a6249fa7","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaai.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaai.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--316f0e5f-468c-5b1f-b258-6b10a8ba3d78","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaai.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaai.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ddf5497f-b96e-5cc2-aeb2-a1dd67540364","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaac.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaac.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7421c233-8d3c-5a7a-96f4-cb976c77f6a3","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaac.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaac.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62ded166-b93b-5371-a79d-2d50b9ffa7e4","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"bnbausdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bnbausdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8d58099-d318-5be4-8cfa-d8f882a84c70","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://bnbausdt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://bnbausdt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10c84eec-6ac7-5ece-95bc-dbf9abb43942","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaaz.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaaz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e425b5f-5042-53bb-84f6-abc0e331efde","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaaz.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaaz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4798e0e-108b-543d-8ea5-031bbaf989c2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaal.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34538bdf-7c3f-555f-9291-3b33338c9d86","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaal.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0366425-fcd9-5e7f-a0fc-aca2627b34c2","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"btcaae.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btcaae.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78ae1de8-f4d5-5ca4-a4fd-f5ffe0e352a6","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://btcaae.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://btcaae.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4432ab6-0caa-5077-a238-d93bf62841d4","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"http://34.150.85.92","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://34.150.85.92']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c936bc5-2e9a-5e3e-846f-76a3658539a4","created":"2026-05-08T20:38:00.000Z","modified":"2026-05-08T20:38:00.000Z","valid_from":"2026-05-08T20:38:00.000Z","name":"34.150.85.92","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.150.85.92']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2052850540275736854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63547a5f-33f6-5427-9ea8-1c5a3041ebea","created":"2026-05-08T21:30:00.000Z","modified":"2026-05-08T21:30:00.000Z","valid_from":"2026-05-08T21:30:00.000Z","name":"http://45.157.233.103/phantom.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.157.233.103/phantom.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2052863651166495135"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--35e736ac-1bc0-5c6d-b1d9-0a295a3d5011","created":"2026-05-08T21:30:00.000Z","modified":"2026-05-08T21:30:00.000Z","valid_from":"2026-05-08T21:30:00.000Z","name":"45.157.233.103","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.157.233.103']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2052863651166495135"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--05d2cc67-fcd3-50e0-a140-ef0c12a9a990","created":"2026-05-08T21:30:00.000Z","modified":"2026-05-08T21:30:00.000Z","valid_from":"2026-05-08T21:30:00.000Z","name":"3b67ea25fe8336d31ff480af4c857615","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '3b67ea25fe8336d31ff480af4c857615']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2052863651166495135"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c36c455d-e469-59e8-a955-85b01a3dacf1","created":"2026-05-08T22:00:00.000Z","modified":"2026-05-08T22:00:00.000Z","valid_from":"2026-05-08T22:00:00.000Z","name":"service-sso-kucoin-vdn.webflow.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'service-sso-kucoin-vdn.webflow.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052871215576990004"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e923c993-31c0-5c88-ad5c-f4749ea76b22","created":"2026-05-08T22:00:00.000Z","modified":"2026-05-08T22:00:00.000Z","valid_from":"2026-05-08T22:00:00.000Z","name":"https://service-sso-kucoin-vdn.webflow.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://service-sso-kucoin-vdn.webflow.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052871215576990004"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--749fcfde-9c90-53a9-9e13-b11225be260d","created":"2026-05-09T00:00:00.000Z","modified":"2026-05-09T00:00:00.000Z","valid_from":"2026-05-09T00:00:00.000Z","name":"redstoneciugafhoureon.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'redstoneciugafhoureon.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052901443397455959"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4311bd07-6f83-5f65-b315-1fdff91732e9","created":"2026-05-09T00:00:00.000Z","modified":"2026-05-09T00:00:00.000Z","valid_from":"2026-05-09T00:00:00.000Z","name":"https://redstoneciugafhoureon.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://redstoneciugafhoureon.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052901443397455959"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f86c13e-842c-52ae-b9d1-b7b7be4a2c0f","created":"2026-05-09T00:14:00.000Z","modified":"2026-05-09T00:14:00.000Z","valid_from":"2026-05-09T00:14:00.000Z","name":"http://65.109.55.181:8181/login","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://65.109.55.181:8181/login']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2052125969305964749"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b224f47-107a-5197-9691-d5e45594dc4e","created":"2026-05-09T00:14:00.000Z","modified":"2026-05-09T00:14:00.000Z","valid_from":"2026-05-09T00:14:00.000Z","name":"65.109.55.181","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '65.109.55.181']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2052125969305964749"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f6c923c-d2b0-51ec-bf70-dcfc129b8123","created":"2026-05-09T00:44:00.000Z","modified":"2026-05-09T00:44:00.000Z","valid_from":"2026-05-09T00:44:00.000Z","name":"seblevqc.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'seblevqc.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052912615483977791"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d70a406e-efda-504d-975e-8139774d0078","created":"2026-05-09T00:44:00.000Z","modified":"2026-05-09T00:44:00.000Z","valid_from":"2026-05-09T00:44:00.000Z","name":"https://seblevqc.com/HomeIahta/","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://seblevqc.com/HomeIahta/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052912615483977791"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdde6b43-69b4-5f0f-a44f-de00ce6a96df","created":"2026-05-09T00:44:00.000Z","modified":"2026-05-09T00:44:00.000Z","valid_from":"2026-05-09T00:44:00.000Z","name":"185.38.151.11","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.38.151.11']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2052912615483977791"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fce08ea2-d785-518e-be0a-3afcee823725","created":"2026-05-09T01:04:00.000Z","modified":"2026-05-09T01:04:00.000Z","valid_from":"2026-05-09T01:04:00.000Z","name":"lapkalulunet.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lapkalulunet.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052917504914428012"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cfc3eaf-4a3e-5598-b1b8-5165953de9ed","created":"2026-05-09T01:04:00.000Z","modified":"2026-05-09T01:04:00.000Z","valid_from":"2026-05-09T01:04:00.000Z","name":"http://lapkalulunet.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lapkalulunet.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2052917504914428012"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--487d0c69-b737-5b39-913c-147af59d1070","created":"2026-05-09T01:15:00.000Z","modified":"2026-05-09T01:15:00.000Z","valid_from":"2026-05-09T01:15:00.000Z","name":"137.220.152.149","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '137.220.152.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2052920375433166889"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adb17a52-d1f1-52ae-a80e-7870b9d59402","created":"2026-05-09T02:00:00.000Z","modified":"2026-05-09T02:00:00.000Z","valid_from":"2026-05-09T02:00:00.000Z","name":"xfdyghudrsr.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xfdyghudrsr.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052931614955524233"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae59256b-4eb5-53ee-83ea-820fe39af821","created":"2026-05-09T02:00:00.000Z","modified":"2026-05-09T02:00:00.000Z","valid_from":"2026-05-09T02:00:00.000Z","name":"https://xfdyghudrsr.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://xfdyghudrsr.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052931614955524233"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b7bfb83-696e-529b-ad0b-5026fe1635d5","created":"2026-05-09T04:00:00.000Z","modified":"2026-05-09T04:00:00.000Z","valid_from":"2026-05-09T04:00:00.000Z","name":"roblox.com.ge","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'roblox.com.ge']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052961828322390318"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d15a2786-f88e-5258-bb99-ee9aeafd5bb9","created":"2026-05-09T04:00:00.000Z","modified":"2026-05-09T04:00:00.000Z","valid_from":"2026-05-09T04:00:00.000Z","name":"https://roblox.com.ge/users/6964421643/profile","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://roblox.com.ge/users/6964421643/profile']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052961828322390318"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33cb076d-3e00-5166-a755-6c81a1a11f99","created":"2026-05-09T06:00:00.000Z","modified":"2026-05-09T06:00:00.000Z","valid_from":"2026-05-09T06:00:00.000Z","name":"mtech-kobe.co.jp","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mtech-kobe.co.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052991978971824314"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d3d18c2-d7b9-592c-ba99-c315e0fcee2b","created":"2026-05-09T06:00:00.000Z","modified":"2026-05-09T06:00:00.000Z","valid_from":"2026-05-09T06:00:00.000Z","name":"https://mtech-kobe.co.jp/wp/wp-content/plugins/eilfsigbjy/vv/globalsources/index2.php?email=","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mtech-kobe.co.jp/wp/wp-content/plugins/eilfsigbjy/vv/globalsources/index2.php?email=']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2052991978971824314"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d31dacb5-dea0-5a67-b550-a199bcc7d2de","created":"2026-05-09T06:55:00.000Z","modified":"2026-05-09T06:55:00.000Z","valid_from":"2026-05-09T06:55:00.000Z","name":"cf-mufg.xvfsf.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cf-mufg.xvfsf.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053005919760404755"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17e27380-9d45-5597-b0f5-445a8faf55ba","created":"2026-05-09T06:55:00.000Z","modified":"2026-05-09T06:55:00.000Z","valid_from":"2026-05-09T06:55:00.000Z","name":"https://cf-mufg.xvfsf.com/%F0%9D%90%A2%F0%9D%90%A7%F0%9D%90%9D%F0%9D%90%9E%F0%9D%90%B1.%F0%9D%90%A1%F0%9D%90%AD%F0%9D%90%A6%F0%9D%90%A5/","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cf-mufg.xvfsf.com/%F0%9D%90%A2%F0%9D%90%A7%F0%9D%90%9D%F0%9D%90%9E%F0%9D%90%B1.%F0%9D%90%A1%F0%9D%90%AD%F0%9D%90%A6%F0%9D%90%A5/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053005919760404755"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--deeb011b-ff42-5ceb-8df3-319c103c6a3d","created":"2026-05-09T06:55:00.000Z","modified":"2026-05-09T06:55:00.000Z","valid_from":"2026-05-09T06:55:00.000Z","name":"195.86.16.166","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '195.86.16.166']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053005919760404755"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2547e2b6-8989-5e10-a6e3-5c89cf0b7111","created":"2026-05-09T07:07:00.000Z","modified":"2026-05-09T07:07:00.000Z","valid_from":"2026-05-09T07:07:00.000Z","name":"http://185.99.255.17","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://185.99.255.17']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053008837645627745"}],"labels":["Hookbot"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48eb91d7-c7f4-5345-ae51-26b2054622ea","created":"2026-05-09T07:07:00.000Z","modified":"2026-05-09T07:07:00.000Z","valid_from":"2026-05-09T07:07:00.000Z","name":"185.99.255.17","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '185.99.255.17']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053008837645627745"}],"labels":["Hookbot"]},{"type":"indicator","spec_version":"2.1","id":"indicator--066e430a-4321-5ab1-812b-450d83b89609","created":"2026-05-09T08:00:00.000Z","modified":"2026-05-09T08:00:00.000Z","valid_from":"2026-05-09T08:00:00.000Z","name":"uniicatt.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uniicatt.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053022192472911916"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77cbe6a1-77ef-534b-a9c3-f4d4c1b7bfd0","created":"2026-05-09T08:00:00.000Z","modified":"2026-05-09T08:00:00.000Z","valid_from":"2026-05-09T08:00:00.000Z","name":"https://uniicatt.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://uniicatt.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053022192472911916"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abb58814-0ba0-572a-8148-285421d4d617","created":"2026-05-09T10:00:00.000Z","modified":"2026-05-09T10:00:00.000Z","valid_from":"2026-05-09T10:00:00.000Z","name":"welcometouhcglobal.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'welcometouhcglobal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053052410541580501"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb8b2555-c7a7-5a4c-bf35-1b7a42e0dd7c","created":"2026-05-09T10:00:00.000Z","modified":"2026-05-09T10:00:00.000Z","valid_from":"2026-05-09T10:00:00.000Z","name":"http://welcometouhcglobal.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://welcometouhcglobal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053052410541580501"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2ff369a-a8e6-52bc-ac4a-32e8db4616dd","created":"2026-05-09T10:05:00.000Z","modified":"2026-05-09T10:05:00.000Z","valid_from":"2026-05-09T10:05:00.000Z","name":"50.16.16.211","description":"IOC reported by @404LABSx on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '50.16.16.211']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/404LABSx/status/2053053781143605251"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31966a68-d61f-526d-95db-9f1b1312129a","created":"2026-05-09T10:26:00.000Z","modified":"2026-05-09T10:26:00.000Z","valid_from":"2026-05-09T10:26:00.000Z","name":"sidrachaindexteam.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sidrachaindexteam.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053059018722013667"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dfe4a523-73b0-5ea6-beb9-add3373116a2","created":"2026-05-09T10:26:00.000Z","modified":"2026-05-09T10:26:00.000Z","valid_from":"2026-05-09T10:26:00.000Z","name":"http://sidrachaindexteam.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sidrachaindexteam.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053059018722013667"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e629ff05-c5e8-5e8f-acfe-b19e7afe6ca2","created":"2026-05-09T10:32:00.000Z","modified":"2026-05-09T10:32:00.000Z","valid_from":"2026-05-09T10:32:00.000Z","name":"podcastambassadorsprimes.ct.ws","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'podcastambassadorsprimes.ct.ws']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053060453085905117"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c856cd6-904b-5517-a796-8052998a5c78","created":"2026-05-09T10:32:00.000Z","modified":"2026-05-09T10:32:00.000Z","valid_from":"2026-05-09T10:32:00.000Z","name":"http://podcastambassadorsprimes.ct.ws","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://podcastambassadorsprimes.ct.ws']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053060453085905117"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc27c8b4-f4a1-5d1b-ad31-cc0236c7b7cd","created":"2026-05-09T10:40:00.000Z","modified":"2026-05-09T10:40:00.000Z","valid_from":"2026-05-09T10:40:00.000Z","name":"appealxdecision-x.team","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'appealxdecision-x.team']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053062487700906403"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--582aa716-8559-5ef9-9f77-84e7b3570789","created":"2026-05-09T10:40:00.000Z","modified":"2026-05-09T10:40:00.000Z","valid_from":"2026-05-09T10:40:00.000Z","name":"http://appealxdecision-x.team","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://appealxdecision-x.team']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053062487700906403"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e94758f6-70bf-5ac2-a078-eeaab9722190","created":"2026-05-09T11:10:00.000Z","modified":"2026-05-09T11:10:00.000Z","valid_from":"2026-05-09T11:10:00.000Z","name":"hastesbuy.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hastesbuy.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053070014648049981"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2648fe1-534c-5697-8eec-70a38d7fc601","created":"2026-05-09T11:10:00.000Z","modified":"2026-05-09T11:10:00.000Z","valid_from":"2026-05-09T11:10:00.000Z","name":"http://hastesbuy.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hastesbuy.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053070014648049981"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f6068c5-20b6-5caf-92dc-72725a8b5021","created":"2026-05-09T11:10:00.000Z","modified":"2026-05-09T11:10:00.000Z","valid_from":"2026-05-09T11:10:00.000Z","name":"agesbuy.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'agesbuy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053070014648049981"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c70d4cf4-ad40-59a0-ada4-2aa7411afa70","created":"2026-05-09T11:10:00.000Z","modified":"2026-05-09T11:10:00.000Z","valid_from":"2026-05-09T11:10:00.000Z","name":"http://agesbuy.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://agesbuy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053070014648049981"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--74bf02d2-bcfd-54fd-b3be-890994b43110","created":"2026-05-09T11:10:00.000Z","modified":"2026-05-09T11:10:00.000Z","valid_from":"2026-05-09T11:10:00.000Z","name":"badadan.netlify.app","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'badadan.netlify.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053070014648049981"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89432ef5-753b-5d58-9b1d-c010ac03f6b7","created":"2026-05-09T11:10:00.000Z","modified":"2026-05-09T11:10:00.000Z","valid_from":"2026-05-09T11:10:00.000Z","name":"http://badadan.netlify.app/app.apk","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://badadan.netlify.app/app.apk']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053070014648049981"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a437e01b-cdbb-5b20-9f92-d375b3539761","created":"2026-05-09T11:27:00.000Z","modified":"2026-05-09T11:27:00.000Z","valid_from":"2026-05-09T11:27:00.000Z","name":"lider-3d.ru","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lider-3d.ru']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053074472756760659"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f202434-d24b-5ab2-8d1d-8f346261eeff","created":"2026-05-09T11:27:00.000Z","modified":"2026-05-09T11:27:00.000Z","valid_from":"2026-05-09T11:27:00.000Z","name":"https://lider-3d.ru/downloader/index.php?id=BVUmmHNWMPtIEcv48dEJr6BH","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lider-3d.ru/downloader/index.php?id=BVUmmHNWMPtIEcv48dEJr6BH']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053074472756760659"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f566918-7edf-573b-b30d-251f9021dd45","created":"2026-05-09T11:27:00.000Z","modified":"2026-05-09T11:27:00.000Z","valid_from":"2026-05-09T11:27:00.000Z","name":"5d706781fc6bb741045e8db41d0a8d9b6252f2908aa0e5df2595795a64e6c60e","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5d706781fc6bb741045e8db41d0a8d9b6252f2908aa0e5df2595795a64e6c60e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053074472756760659"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a2edd99-b473-5b86-b5ba-93bdc122c9f8","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"133a79e9094c14c0f41378c712fd9a3f7687e5ab6f781bd5fb94774e64f4b48d","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '133a79e9094c14c0f41378c712fd9a3f7687e5ab6f781bd5fb94774e64f4b48d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a194f1da-c86e-549d-acc2-c2baabc88064","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"2367fe508e8cd8ab57ac65d532ad036f99d11222cf9e06a74d8f54c68931926b","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '2367fe508e8cd8ab57ac65d532ad036f99d11222cf9e06a74d8f54c68931926b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5859ba24-66b2-5296-8445-aaac9824ae2c","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"15234d5912b39b3fcb25a905fc863ab647e6558e95d553fae8a84549201b9c84","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '15234d5912b39b3fcb25a905fc863ab647e6558e95d553fae8a84549201b9c84']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--36c8758a-325c-51e6-bad3-e29beccc781c","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"3299196b4913f068eeb93e7650a5cf5bbb10244be1e14724abb967d52b625d1e","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '3299196b4913f068eeb93e7650a5cf5bbb10244be1e14724abb967d52b625d1e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fad2281b-8c19-5490-8343-546b2fae12e1","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"260b52ce5e3a5b9f3c77b700ad4341b77d999c574962dff4c5514f2caaa4923e","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '260b52ce5e3a5b9f3c77b700ad4341b77d999c574962dff4c5514f2caaa4923e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac780578-3770-5cee-96f9-035549486f5d","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"37be3c5511017c2c7cd4023bb2385cbb2c6a0aa53c5bc6b18781cb6c208a482a","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '37be3c5511017c2c7cd4023bb2385cbb2c6a0aa53c5bc6b18781cb6c208a482a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf454988-04d8-557d-9353-d03cd91e1128","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"3a725e7ee8e57eebee5a95b1ead945e49ae456f2aba8ef43b597c3fad16b0722","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '3a725e7ee8e57eebee5a95b1ead945e49ae456f2aba8ef43b597c3fad16b0722']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--28b9c8d3-2e28-56ca-85bc-09fa7e5368e1","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"381755b623dd7a4c2b5d80aaf40d7083eea727dd1f473545539029656ca81817","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '381755b623dd7a4c2b5d80aaf40d7083eea727dd1f473545539029656ca81817']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ab27cbf-3e51-5639-b6ad-3af922368bad","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"47ca3a45f082d84429266dc4eab72d0476afcfa46f62678ef97b7446b1bd94c3","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '47ca3a45f082d84429266dc4eab72d0476afcfa46f62678ef97b7446b1bd94c3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce7e6415-f541-5196-beef-8c13777e1385","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"5639dd46a65243cab1ccf62d42df1322f1d5df13c4f6142ba43902f6760343cd","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5639dd46a65243cab1ccf62d42df1322f1d5df13c4f6142ba43902f6760343cd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--43613727-4b66-5478-a8d1-636733acdf45","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"6948923b6353d20e61acd2a6e6370630b7dc95edc1fb252fd4bd510a68bf7889","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '6948923b6353d20e61acd2a6e6370630b7dc95edc1fb252fd4bd510a68bf7889']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4af58f1d-d5e0-5cf1-b1ee-7f9b090ae676","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"7adaa5460905f9475039ab7724a5a66e7d35d456118fd35086ca1ef03a7d0a9e","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7adaa5460905f9475039ab7724a5a66e7d35d456118fd35086ca1ef03a7d0a9e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--38aedc7d-0483-5324-9ffe-6a30dd32fcb7","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"8047ce0c7566090d522b034ada16cee1febbb08cdaf9a95363e46c6e11f29139","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8047ce0c7566090d522b034ada16cee1febbb08cdaf9a95363e46c6e11f29139']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3e11b6d-44df-5280-a8e6-ac4c935995d8","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"8ce84443a023c6afe22f14f0b6c56d76f53e09540c0d628a2f47e4f0fa981aec","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8ce84443a023c6afe22f14f0b6c56d76f53e09540c0d628a2f47e4f0fa981aec']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fee1d92-7288-5208-9071-f01f7dd077ab","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"9241da7f3f4bff47e6682940ad073afbf66b9ad1246ff9c191759c3281077f34","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '9241da7f3f4bff47e6682940ad073afbf66b9ad1246ff9c191759c3281077f34']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--19fc3ced-baaf-5937-857e-05452c746a2f","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"94bbe5961689a597ccd716281012fcedb189356140bbc641451a8b7132f41e68","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '94bbe5961689a597ccd716281012fcedb189356140bbc641451a8b7132f41e68']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f85bfa2-af79-535e-8598-f569ee06198e","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"a133809a768c7c6b958d72ff6857677b14ed6bf284b99dc81a121442dfe04f90","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a133809a768c7c6b958d72ff6857677b14ed6bf284b99dc81a121442dfe04f90']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd65a761-09b2-50f8-a7a4-0978070e8116","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"a873c8aa34cdebe0e90a40f3fae793b8f3253dc2bd536de85cf5f8d5299dfa00","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a873c8aa34cdebe0e90a40f3fae793b8f3253dc2bd536de85cf5f8d5299dfa00']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a491dbea-2270-5263-8cf2-b31754caddb5","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"aa15b0ae4d1e4ab57ee78a0545b59ba04fe2959f8a4d9f2bf9ca667754515297","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'aa15b0ae4d1e4ab57ee78a0545b59ba04fe2959f8a4d9f2bf9ca667754515297']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e1ee389-ced9-55ec-9ead-653b4d5f5562","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"b4fc478b6c4699d52f42c382ce665e61d093fbef964a9e448aee5ca95ed261af","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'b4fc478b6c4699d52f42c382ce665e61d093fbef964a9e448aee5ca95ed261af']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--845fc3dc-16e3-58bc-9589-3519360eb17a","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"c35594d42f7a5d5d2895164147ee1bc62bb8e294c8468093b7d6fcaab0b174c8","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c35594d42f7a5d5d2895164147ee1bc62bb8e294c8468093b7d6fcaab0b174c8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--731083bb-d079-5282-8374-4ff4b47bab31","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"c43fd026f99bb4b767e17a2ddb55d7e2841129268d0afa1f99bd85574d26851c","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c43fd026f99bb4b767e17a2ddb55d7e2841129268d0afa1f99bd85574d26851c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2999ae14-42ef-5add-a01c-de6f8e129022","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"cf736497e4958f4392a38f686d85d004b473a34118579645b62db5647959822d","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'cf736497e4958f4392a38f686d85d004b473a34118579645b62db5647959822d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0ba4225-14ca-55db-aa16-37c313d3b05a","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"d83a3896b808a865204359191363246fa4508d95ffb4f1f1b56446e6bd8f2ded","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd83a3896b808a865204359191363246fa4508d95ffb4f1f1b56446e6bd8f2ded']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a336c50-669e-5429-8ac9-4571d07d2a8b","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"f48cb97ec31e9ae5b11ebee8d2053cc5f8813853b05dab5d15d88493fff398ed","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f48cb97ec31e9ae5b11ebee8d2053cc5f8813853b05dab5d15d88493fff398ed']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--caade0cc-3c53-5314-a9b3-8c466a9ca761","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"f59cb70d4db391477011593aa378ff4c59f144dcbb087ea8ad277e0001f652a1","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f59cb70d4db391477011593aa378ff4c59f144dcbb087ea8ad277e0001f652a1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7ae5d08-3a28-558b-86d2-435f3bf07a86","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"fc517a54aecc1e1e06e5d0ab902ce24bf57782cd77507327da9e04f55aad82bd","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'fc517a54aecc1e1e06e5d0ab902ce24bf57782cd77507327da9e04f55aad82bd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f186704-e4b5-5d73-96d7-f9af82bb39e7","created":"2026-05-09T11:35:00.000Z","modified":"2026-05-09T11:35:00.000Z","valid_from":"2026-05-09T11:35:00.000Z","name":"9e8aea15eff60db1060509564b0cee357491a84fe4ce7ccc34b384c67a5e805a","description":"IOC reported by @Now_on_VT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '9e8aea15eff60db1060509564b0cee357491a84fe4ce7ccc34b384c67a5e805a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Now_on_VT/status/2053076426627088402"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--88e73a40-4fe0-5284-a577-3adf20a3ef46","created":"2026-05-09T11:38:00.000Z","modified":"2026-05-09T11:38:00.000Z","valid_from":"2026-05-09T11:38:00.000Z","name":"https://www.dropbox.com/scl/fi/e0d8h0qk5yxlb1g8q41r4/setting.ini?rlkey=erfcy8x6d9q21mv1bzuvhtx0d&st=2bvvz4tx&dl=1","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.dropbox.com/scl/fi/e0d8h0qk5yxlb1g8q41r4/setting.ini?rlkey=erfcy8x6d9q21mv1bzuvhtx0d&st=2bvvz4tx&dl=1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053077262497415575"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5194a07-6bc2-5f44-b97c-b0df520fd441","created":"2026-05-09T11:38:00.000Z","modified":"2026-05-09T11:38:00.000Z","valid_from":"2026-05-09T11:38:00.000Z","name":"67c2aace4b861db99e5f90ed418d0233d903e9c871b4b76a6364dabcccbe9b25","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '67c2aace4b861db99e5f90ed418d0233d903e9c871b4b76a6364dabcccbe9b25']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053077262497415575"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd7fa17b-becf-5e6d-9eb5-43d5853386cb","created":"2026-05-09T11:38:00.000Z","modified":"2026-05-09T11:38:00.000Z","valid_from":"2026-05-09T11:38:00.000Z","name":"https://raw.githubusercontent.com/shantez441/EDGTy/refs/heads/main/wiask.ini","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://raw.githubusercontent.com/shantez441/EDGTy/refs/heads/main/wiask.ini']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053077262497415575"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4943f9cb-0322-5fd5-a15a-a2562585e1e4","created":"2026-05-09T12:00:00.000Z","modified":"2026-05-09T12:00:00.000Z","valid_from":"2026-05-09T12:00:00.000Z","name":"ooredodz.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ooredodz.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053082597148823611"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--714a9fa1-10cc-5bab-b645-e33310453463","created":"2026-05-09T12:00:00.000Z","modified":"2026-05-09T12:00:00.000Z","valid_from":"2026-05-09T12:00:00.000Z","name":"https://ooredodz.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ooredodz.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053082597148823611"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ded6316-4958-5bd4-b9e3-4f82cbc84c9f","created":"2026-05-09T13:01:00.000Z","modified":"2026-05-09T13:01:00.000Z","valid_from":"2026-05-09T13:01:00.000Z","name":"http://107.158.178.30","description":"IOC reported by @klawlikula on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://107.158.178.30']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/klawlikula/status/2053098013212430805"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a8a8a1d-f561-5bc2-8831-f85c849c9da9","created":"2026-05-09T13:01:00.000Z","modified":"2026-05-09T13:01:00.000Z","valid_from":"2026-05-09T13:01:00.000Z","name":"107.158.178.30","description":"IOC reported by @klawlikula on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '107.158.178.30']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/klawlikula/status/2053098013212430805"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a9e4d70-5e11-5552-8529-1061fc058663","created":"2026-05-09T13:01:00.000Z","modified":"2026-05-09T13:01:00.000Z","valid_from":"2026-05-09T13:01:00.000Z","name":"tzRk.store.ass0036.menloria.biz.ua","description":"IOC reported by @klawlikula on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tzRk.store.ass0036.menloria.biz.ua']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/klawlikula/status/2053098010683347196"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f041b526-dd25-5032-81a7-899b20a418c1","created":"2026-05-09T13:01:00.000Z","modified":"2026-05-09T13:01:00.000Z","valid_from":"2026-05-09T13:01:00.000Z","name":"http://tzRk.store.ass0036.menloria.biz.ua","description":"IOC reported by @klawlikula on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tzRk.store.ass0036.menloria.biz.ua']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/klawlikula/status/2053098010683347196"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f979c26-7a53-563f-b07a-bb5b68300d7a","created":"2026-05-09T14:00:00.000Z","modified":"2026-05-09T14:00:00.000Z","valid_from":"2026-05-09T14:00:00.000Z","name":"f.digitalmaillane.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'f.digitalmaillane.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053112788583661814"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3219ef21-7a2e-53c9-a712-284b19882f80","created":"2026-05-09T14:00:00.000Z","modified":"2026-05-09T14:00:00.000Z","valid_from":"2026-05-09T14:00:00.000Z","name":"http://f.digitalmaillane.com/igit/4/1e7swd5Wr719y6p0gaW5hrWbfpt80aW4dfWbc4Wn0WgW9","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://f.digitalmaillane.com/igit/4/1e7swd5Wr719y6p0gaW5hrWbfpt80aW4dfWbc4Wn0WgW9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053112788583661814"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb4e2c3f-b61a-5c6a-abb9-cc721d21a41f","created":"2026-05-09T16:00:00.000Z","modified":"2026-05-09T16:00:00.000Z","valid_from":"2026-05-09T16:00:00.000Z","name":"hctcc.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hctcc.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053143003586240963"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0f35acf-0c36-5007-b924-003e9085e656","created":"2026-05-09T16:00:00.000Z","modified":"2026-05-09T16:00:00.000Z","valid_from":"2026-05-09T16:00:00.000Z","name":"https://hctcc.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hctcc.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053143003586240963"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb1c282f-3ac5-5894-9379-072bae313ea8","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"185.99.255.17.sslip.io","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '185.99.255.17.sslip.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ea20ed1-ac00-5db6-9844-1025f0c09b4f","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"http://185.99.255.17.sslip.io","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://185.99.255.17.sslip.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--55c45574-8e6e-58dc-aecd-52d568555ffa","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"api.slime-protect.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.slime-protect.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b59dad4-5ade-5e29-8355-169fdef5b02a","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"http://api.slime-protect.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.slime-protect.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8462574-8682-5226-8b04-2f01c581fd01","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"ciclilazzaretti.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ciclilazzaretti.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b2a265b-e10c-5f24-9c3e-9bb975a6e16a","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"http://ciclilazzaretti.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ciclilazzaretti.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b074b6c1-6759-5b9f-9f6b-dba23a799be7","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"logto-admin-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'logto-admin-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--298419f6-11f2-58b9-bb6e-64af9445714d","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"http://logto-admin-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://logto-admin-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7d4a0fc-5681-518b-a7e5-ee42cccd7248","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"logto-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'logto-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b3d3d28-3a6e-5547-85a0-790617104e30","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"http://logto-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://logto-lcgggscck4oocwg884ko4sok.185.99.255.17.sslip.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--31da5429-baf1-5d36-bd41-cb6af7fcc535","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"slime-protect.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'slime-protect.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3b43a44-671d-5dfa-935e-db0d11841be7","created":"2026-05-09T16:35:00.000Z","modified":"2026-05-09T16:35:00.000Z","valid_from":"2026-05-09T16:35:00.000Z","name":"http://slime-protect.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://slime-protect.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053151871930384813"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fbdfcec2-c9d4-5b56-b79d-205017736ba5","created":"2026-05-09T18:00:00.000Z","modified":"2026-05-09T18:00:00.000Z","valid_from":"2026-05-09T18:00:00.000Z","name":"sreedevz.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sreedevz.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053173174611693695"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1b2764f-a2f2-5160-b2bc-504fba3d5e7d","created":"2026-05-09T18:00:00.000Z","modified":"2026-05-09T18:00:00.000Z","valid_from":"2026-05-09T18:00:00.000Z","name":"https://sreedevz.github.io/Netflix-Clone/","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sreedevz.github.io/Netflix-Clone/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053173174611693695"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5629ba9d-9445-5a13-b45e-2ffbc26f77b4","created":"2026-05-09T18:00:00.000Z","modified":"2026-05-09T18:00:00.000Z","valid_from":"2026-05-09T18:00:00.000Z","name":"naterqn.onthewifi.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'naterqn.onthewifi.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053173170128253289"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b80b6437-e3f9-5574-904d-8839aa702523","created":"2026-05-09T18:00:00.000Z","modified":"2026-05-09T18:00:00.000Z","valid_from":"2026-05-09T18:00:00.000Z","name":"http://naterqn.onthewifi.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://naterqn.onthewifi.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053173170128253289"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb6d949-690e-570f-9326-f47d4e3ea1f8","created":"2026-05-09T18:00:00.000Z","modified":"2026-05-09T18:00:00.000Z","valid_from":"2026-05-09T18:00:00.000Z","name":"http://27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053173170128253289"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41e64fd-bb60-5e1c-a8ea-f62b098b645e","created":"2026-05-09T18:00:00.000Z","modified":"2026-05-09T18:00:00.000Z","valid_from":"2026-05-09T18:00:00.000Z","name":"27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053173170128253289"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31b9cb12-76d0-5380-8c60-9c7755d9aa38","created":"2026-05-09T18:20:00.000Z","modified":"2026-05-09T18:20:00.000Z","valid_from":"2026-05-09T18:20:00.000Z","name":"http://138.124.126.97/rabot","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://138.124.126.97/rabot']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053178265368481944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--55aabc3b-192a-5687-9dd3-5cdfd8d0b390","created":"2026-05-09T18:20:00.000Z","modified":"2026-05-09T18:20:00.000Z","valid_from":"2026-05-09T18:20:00.000Z","name":"http://62.164.177.240:443/fakeurl.htm","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://62.164.177.240:443/fakeurl.htm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053178265368481944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--63aee7f4-de9d-5c6f-9fdf-086c159167ee","created":"2026-05-09T18:20:00.000Z","modified":"2026-05-09T18:20:00.000Z","valid_from":"2026-05-09T18:20:00.000Z","name":"http://62.164.177.240/fakeurl.htm","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://62.164.177.240/fakeurl.htm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053178265368481944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3dcc117b-8cc2-522c-ac0a-09f7bddd5f7f","created":"2026-05-09T18:20:00.000Z","modified":"2026-05-09T18:20:00.000Z","valid_from":"2026-05-09T18:20:00.000Z","name":"138.124.126.97","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '138.124.126.97']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053178265368481944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e844e853-d455-50d8-b767-2cf511230235","created":"2026-05-09T18:20:00.000Z","modified":"2026-05-09T18:20:00.000Z","valid_from":"2026-05-09T18:20:00.000Z","name":"62.164.177.240","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '62.164.177.240']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053178265368481944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e523d938-1078-5371-910c-18d47bf95c26","created":"2026-05-09T18:20:00.000Z","modified":"2026-05-09T18:20:00.000Z","valid_from":"2026-05-09T18:20:00.000Z","name":"4893de26be7c3014e1f48c6ad171743b30bedc9a1ad5ebdc739dad9dda87caef","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '4893de26be7c3014e1f48c6ad171743b30bedc9a1ad5ebdc739dad9dda87caef']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053178265368481944"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--661f1fc4-773a-5524-9478-ae8dc7e668bb","created":"2026-05-09T18:44:00.000Z","modified":"2026-05-09T18:44:00.000Z","valid_from":"2026-05-09T18:44:00.000Z","name":"ae409f3d835b583fd60657a894398589d3f712dcb72c85d8057fc81571d73cec","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'ae409f3d835b583fd60657a894398589d3f712dcb72c85d8057fc81571d73cec']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053184303605956843"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--29cfc9b1-9f87-58d2-9687-822ed5f149a9","created":"2026-05-09T19:02:00.000Z","modified":"2026-05-09T19:02:00.000Z","valid_from":"2026-05-09T19:02:00.000Z","name":"cert.smartbtc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cert.smartbtc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053188893726437695"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--95820539-06c5-5425-a01a-e32b3338b420","created":"2026-05-09T19:02:00.000Z","modified":"2026-05-09T19:02:00.000Z","valid_from":"2026-05-09T19:02:00.000Z","name":"http://cert.smartbtc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cert.smartbtc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053188893726437695"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2189cdff-95c1-5fc3-b3f3-74222365827b","created":"2026-05-09T19:02:00.000Z","modified":"2026-05-09T19:02:00.000Z","valid_from":"2026-05-09T19:02:00.000Z","name":"aointerviews.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aointerviews.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053188893726437695"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--355d7300-6b6a-5274-8c5e-7a0542282a85","created":"2026-05-09T19:02:00.000Z","modified":"2026-05-09T19:02:00.000Z","valid_from":"2026-05-09T19:02:00.000Z","name":"http://aointerviews.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aointerviews.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053188893726437695"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--55478624-c168-5775-8fd6-49ba7ec67008","created":"2026-05-09T19:02:00.000Z","modified":"2026-05-09T19:02:00.000Z","valid_from":"2026-05-09T19:02:00.000Z","name":"http://51.79.185.184","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://51.79.185.184']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053188893726437695"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--902e733a-d114-577b-905f-f685179e8d0a","created":"2026-05-09T19:02:00.000Z","modified":"2026-05-09T19:02:00.000Z","valid_from":"2026-05-09T19:02:00.000Z","name":"51.79.185.184","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '51.79.185.184']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053188893726437695"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f5e2f9e-7363-56f2-8770-04b422279eaa","created":"2026-05-09T19:09:00.000Z","modified":"2026-05-09T19:09:00.000Z","valid_from":"2026-05-09T19:09:00.000Z","name":"1921717197c1e6da607cf23a9f3da5f2d0e67ff7cbf6f5a82cd00b53524aa653","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '1921717197c1e6da607cf23a9f3da5f2d0e67ff7cbf6f5a82cd00b53524aa653']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053190702276722933"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--54817587-b6b5-5ccf-81a2-3e06a621b2f9","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"anthodisk.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'anthodisk.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d190251c-38ce-5cc8-a9fd-940f5f5a0584","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"http://anthodisk.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://anthodisk.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3fb7f96-32a0-5766-952e-90e475a54dbd","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"lipontrent.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lipontrent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0628f6cb-01bd-55cc-987a-f9e0c7f91ddc","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"http://lipontrent.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lipontrent.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88bc3c8f-50a5-54d4-936c-b00b54c5668a","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"scrappd.ink","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'scrappd.ink']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--289cd1fa-11f4-584a-a2a1-512732b59522","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"http://scrappd.ink","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://scrappd.ink']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9094f80c-7988-5229-8545-b818d6ea056b","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"expmle.ink","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'expmle.ink']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3a41657-173d-559d-b191-ba6e8d1dc9bf","created":"2026-05-09T19:19:00.000Z","modified":"2026-05-09T19:19:00.000Z","valid_from":"2026-05-09T19:19:00.000Z","name":"http://expmle.ink","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://expmle.ink']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053193136814399697"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3a1aed8-31ad-54d4-8a12-99d8d919a3ae","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"keypmenu.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'keypmenu.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c580511-7aef-58d8-b2c2-56ca906fd7f8","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"http://keypmenu.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://keypmenu.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e58e326-cd45-5fbf-b113-ea6bdb322ac6","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"kellystreets.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kellystreets.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d29fdb69-979c-5a94-bc7e-712ffaf9f339","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"http://kellystreets.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kellystreets.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c207e94-7c95-57c0-80c5-fad7e8e6f08a","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"recordstrace.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'recordstrace.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--510d4aa8-9f55-5838-81bb-ed71c2ed4e0e","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"http://recordstrace.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://recordstrace.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--441f99cf-3803-567f-b671-51c94824f71a","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"image-vlt.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'image-vlt.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--07b594ea-b71e-5086-b8db-5ed8415d0375","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"http://image-vlt.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://image-vlt.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cc722b3-b5ab-5ec8-9d0d-c0cb246d8526","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"visaphoto-vault.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'visaphoto-vault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--81017e42-23c1-5793-864b-31fef379863a","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"http://visaphoto-vault.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://visaphoto-vault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--19097971-e524-505d-a0bb-eff453390de1","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"photostore-hub.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'photostore-hub.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--381d822d-050f-5729-9f85-685bcb233502","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"http://photostore-hub.info","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://photostore-hub.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e235470-01bf-593a-b966-8f294f400fb7","created":"2026-05-09T19:28:00.000Z","modified":"2026-05-09T19:28:00.000Z","valid_from":"2026-05-09T19:28:00.000Z","name":"d54a6dafa3e4d332aee833d6a96f5a74f0047e37f43dac72a669d6a4a0b9820f","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd54a6dafa3e4d332aee833d6a96f5a74f0047e37f43dac72a669d6a4a0b9820f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053195535033454909"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aac7da11-0aec-59bf-824a-14165b674faa","created":"2026-05-09T19:29:00.000Z","modified":"2026-05-09T19:29:00.000Z","valid_from":"2026-05-09T19:29:00.000Z","name":"jpgomd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jpgomd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053195790751850899"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a970a13-5dda-54f7-9847-df1049b0dd3c","created":"2026-05-09T19:29:00.000Z","modified":"2026-05-09T19:29:00.000Z","valid_from":"2026-05-09T19:29:00.000Z","name":"http://jpgomd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jpgomd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053195790751850899"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed8bf1eb-f8d3-5690-aa12-52bd70584747","created":"2026-05-09T19:29:00.000Z","modified":"2026-05-09T19:29:00.000Z","valid_from":"2026-05-09T19:29:00.000Z","name":"jpgrsv.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jpgrsv.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053195790751850899"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a09cec37-fe98-502c-914c-ecb69fae95c4","created":"2026-05-09T19:29:00.000Z","modified":"2026-05-09T19:29:00.000Z","valid_from":"2026-05-09T19:29:00.000Z","name":"http://jpgrsv.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jpgrsv.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053195790751850899"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a268556-8637-5ffd-9745-1274ebb04fe3","created":"2026-05-09T19:29:00.000Z","modified":"2026-05-09T19:29:00.000Z","valid_from":"2026-05-09T19:29:00.000Z","name":"http://45.227.254.10/fakeurl.htm","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45.227.254.10/fakeurl.htm']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053195790751850899"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2dd04e70-7d1f-59f5-bed1-7d9ce5693a69","created":"2026-05-09T19:29:00.000Z","modified":"2026-05-09T19:29:00.000Z","valid_from":"2026-05-09T19:29:00.000Z","name":"45.227.254.10","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.227.254.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053195790751850899"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64ea8b96-d18d-5104-9205-1a71ef82d250","created":"2026-05-09T19:29:00.000Z","modified":"2026-05-09T19:29:00.000Z","valid_from":"2026-05-09T19:29:00.000Z","name":"cb04f21f53d0cfbf576070268b8a8719","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'cb04f21f53d0cfbf576070268b8a8719']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053195790751850899"}],"labels":["NetSupport"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64105f09-c0df-5903-847c-9b622c8a5ac3","created":"2026-05-09T19:34:00.000Z","modified":"2026-05-09T19:34:00.000Z","valid_from":"2026-05-09T19:34:00.000Z","name":"a37b157d-8823-4ec3-8447-919c9b91e4e3.usrfiles.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'a37b157d-8823-4ec3-8447-919c9b91e4e3.usrfiles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053197052209725443"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--69003a27-b7c1-5c62-869e-4706193e5d0e","created":"2026-05-09T19:34:00.000Z","modified":"2026-05-09T19:34:00.000Z","valid_from":"2026-05-09T19:34:00.000Z","name":"http://a37b157d-8823-4ec3-8447-919c9b91e4e3.usrfiles.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://a37b157d-8823-4ec3-8447-919c9b91e4e3.usrfiles.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053197052209725443"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e7d50ae-a968-52e4-a356-bfa2d42d4ce5","created":"2026-05-09T19:34:00.000Z","modified":"2026-05-09T19:34:00.000Z","valid_from":"2026-05-09T19:34:00.000Z","name":"3b9d2f4b65f0943e31221ae1d937ea29d3da8b556dd6b7c4d7846444d7ba3001","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '3b9d2f4b65f0943e31221ae1d937ea29d3da8b556dd6b7c4d7846444d7ba3001']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053197052209725443"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--714b56b4-0abb-5bb1-bda5-3d5b5de91211","created":"2026-05-09T19:37:00.000Z","modified":"2026-05-09T19:37:00.000Z","valid_from":"2026-05-09T19:37:00.000Z","name":"http://43.142.51.69","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.142.51.69']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053197787416744393"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--773a9ded-2194-542f-bcc0-6abdab9a5c97","created":"2026-05-09T19:37:00.000Z","modified":"2026-05-09T19:37:00.000Z","valid_from":"2026-05-09T19:37:00.000Z","name":"43.142.51.69","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.142.51.69']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053197787416744393"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca808bef-3c5b-5674-8add-bf50554888fe","created":"2026-05-09T19:37:00.000Z","modified":"2026-05-09T19:37:00.000Z","valid_from":"2026-05-09T19:37:00.000Z","name":"7d7948005af45b2fbc59a20c266ffd70f584d0fba1a28e048bd9994ad9353bdb","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7d7948005af45b2fbc59a20c266ffd70f584d0fba1a28e048bd9994ad9353bdb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053197787416744393"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f455b35f-f10c-5c53-81af-3aee68a881a7","created":"2026-05-09T19:43:00.000Z","modified":"2026-05-09T19:43:00.000Z","valid_from":"2026-05-09T19:43:00.000Z","name":"doc-securehub.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc-securehub.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053199219540869578"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c698922e-ec51-517e-9398-a61683ffc63c","created":"2026-05-09T19:43:00.000Z","modified":"2026-05-09T19:43:00.000Z","valid_from":"2026-05-09T19:43:00.000Z","name":"http://doc-securehub.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc-securehub.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053199219540869578"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a5508c4-1a89-51e5-a868-f78225aa5364","created":"2026-05-09T19:43:00.000Z","modified":"2026-05-09T19:43:00.000Z","valid_from":"2026-05-09T19:43:00.000Z","name":"safe-picvault.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'safe-picvault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053199219540869578"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9eec527-f9b9-5531-b4fd-510bf62acb1f","created":"2026-05-09T19:43:00.000Z","modified":"2026-05-09T19:43:00.000Z","valid_from":"2026-05-09T19:43:00.000Z","name":"http://safe-picvault.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://safe-picvault.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053199219540869578"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bee9fbdc-734e-5600-a6e2-373985c909a3","created":"2026-05-09T19:43:00.000Z","modified":"2026-05-09T19:43:00.000Z","valid_from":"2026-05-09T19:43:00.000Z","name":"safedoc-storage.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'safedoc-storage.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053199219540869578"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--43d7b318-e014-5048-9671-9b8ad6375c23","created":"2026-05-09T19:43:00.000Z","modified":"2026-05-09T19:43:00.000Z","valid_from":"2026-05-09T19:43:00.000Z","name":"http://safedoc-storage.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://safedoc-storage.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053199219540869578"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--26e6129e-5fce-5f65-b452-a823f1d6c7d0","created":"2026-05-09T20:00:00.000Z","modified":"2026-05-09T20:00:00.000Z","valid_from":"2026-05-09T20:00:00.000Z","name":"ledgr-live-s.zapier.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ledgr-live-s.zapier.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053203388720927067"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed3b725b-1dfa-5f72-93b8-8f035ca97dc4","created":"2026-05-09T20:00:00.000Z","modified":"2026-05-09T20:00:00.000Z","valid_from":"2026-05-09T20:00:00.000Z","name":"https://ledgr-live-s.zapier.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ledgr-live-s.zapier.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053203388720927067"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a0d6723-6d5c-5a6e-8eb0-9f601c2023b5","created":"2026-05-09T22:00:00.000Z","modified":"2026-05-09T22:00:00.000Z","valid_from":"2026-05-09T22:00:00.000Z","name":"mailtiscaliitupdate2026.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mailtiscaliitupdate2026.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053233598661038329"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--288099d0-80a2-5656-bbea-4391b1733f67","created":"2026-05-09T22:00:00.000Z","modified":"2026-05-09T22:00:00.000Z","valid_from":"2026-05-09T22:00:00.000Z","name":"https://mailtiscaliitupdate2026.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mailtiscaliitupdate2026.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053233598661038329"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1180c7e0-9ed0-53e2-b122-262305d07433","created":"2026-05-10T00:00:00.000Z","modified":"2026-05-10T00:00:00.000Z","valid_from":"2026-05-10T00:00:00.000Z","name":"arpitgoel889.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'arpitgoel889.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053263843992748534"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46161b1a-4124-50c4-95e9-d3a5a82485b2","created":"2026-05-10T00:00:00.000Z","modified":"2026-05-10T00:00:00.000Z","valid_from":"2026-05-10T00:00:00.000Z","name":"https://arpitgoel889.github.io/Instagram/","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://arpitgoel889.github.io/Instagram/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053263843992748534"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f69418e-a80a-501a-a7dd-a661351d10c1","created":"2026-05-10T00:26:00.000Z","modified":"2026-05-10T00:26:00.000Z","valid_from":"2026-05-10T00:26:00.000Z","name":"jwluck.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jwluck.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053270441473810905"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80029f73-1408-5a3e-a2b1-add62812d7d5","created":"2026-05-10T00:26:00.000Z","modified":"2026-05-10T00:26:00.000Z","valid_from":"2026-05-10T00:26:00.000Z","name":"https://jwluck.com/newsletter/click/lxnn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jwluck.com/newsletter/click/lxnn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053270441473810905"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a28e849a-0d77-5a90-9ec8-2c48429d857a","created":"2026-05-10T00:29:00.000Z","modified":"2026-05-10T00:29:00.000Z","valid_from":"2026-05-10T00:29:00.000Z","name":"dxeebol.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dxeebol.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053271216988074255"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49ab5dec-7811-565c-bc8f-3807a1bc5d18","created":"2026-05-10T00:29:00.000Z","modified":"2026-05-10T00:29:00.000Z","valid_from":"2026-05-10T00:29:00.000Z","name":"https://dxeebol.com/support/rvar","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dxeebol.com/support/rvar']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053271216988074255"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0b5aeb4-2587-5411-8dc9-40887d51916d","created":"2026-05-10T02:00:00.000Z","modified":"2026-05-10T02:00:00.000Z","valid_from":"2026-05-10T02:00:00.000Z","name":"facebook-authentication.secure-datalink.org","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'facebook-authentication.secure-datalink.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053294013847883935"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5b54275-4c06-5ad8-8c3b-ba150449944b","created":"2026-05-10T02:00:00.000Z","modified":"2026-05-10T02:00:00.000Z","valid_from":"2026-05-10T02:00:00.000Z","name":"https://facebook-authentication.secure-datalink.org/landing/form/ee998719-7491-477e-8934-1608a3f86cba","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://facebook-authentication.secure-datalink.org/landing/form/ee998719-7491-477e-8934-1608a3f86cba']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053294013847883935"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7bd0025a-f0d2-5825-9286-4323e4b10823","created":"2026-05-10T04:00:00.000Z","modified":"2026-05-10T04:00:00.000Z","valid_from":"2026-05-10T04:00:00.000Z","name":"defidappsrestore.web.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'defidappsrestore.web.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053324182784512110"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fd71377-e87d-58c2-abed-6600c8f86282","created":"2026-05-10T04:00:00.000Z","modified":"2026-05-10T04:00:00.000Z","valid_from":"2026-05-10T04:00:00.000Z","name":"https://defidappsrestore.web.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://defidappsrestore.web.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053324182784512110"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3ca518c-06d4-5289-9462-1536a3e4041c","created":"2026-05-10T04:05:00.000Z","modified":"2026-05-10T04:05:00.000Z","valid_from":"2026-05-10T04:05:00.000Z","name":"sibillacapital.com","description":"IOC reported by @RansomwareLive on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sibillacapital.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RansomwareLive/status/2053325573666087318"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a2f9559-086f-52d0-bcaf-bbdec13cc104","created":"2026-05-10T04:05:00.000Z","modified":"2026-05-10T04:05:00.000Z","valid_from":"2026-05-10T04:05:00.000Z","name":"https://sibillacapital.com/@incranso","description":"IOC reported by @RansomwareLive on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sibillacapital.com/@incranso']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RansomwareLive/status/2053325573666087318"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e869404-5cd2-5e1f-a410-2b1289dd46c9","created":"2026-05-10T05:14:00.000Z","modified":"2026-05-10T05:14:00.000Z","valid_from":"2026-05-10T05:14:00.000Z","name":"43.160.218.110","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.160.218.110']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053342785915564042"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b986275-850e-50d7-a222-93f713ea3f58","created":"2026-05-10T06:00:00.000Z","modified":"2026-05-10T06:00:00.000Z","valid_from":"2026-05-10T06:00:00.000Z","name":"amazonbylio.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'amazonbylio.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053354433459655021"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--231ca1c1-b247-5559-b69d-7b90b1f978a5","created":"2026-05-10T06:00:00.000Z","modified":"2026-05-10T06:00:00.000Z","valid_from":"2026-05-10T06:00:00.000Z","name":"https://amazonbylio.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://amazonbylio.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053354433459655021"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5685e35-22d9-5b93-97bf-b10f407e8825","created":"2026-05-10T08:00:00.000Z","modified":"2026-05-10T08:00:00.000Z","valid_from":"2026-05-10T08:00:00.000Z","name":"gmx-konto74.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmx-konto74.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053384582003642781"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97a8b137-7dbd-54a6-9670-0f62f13b0f55","created":"2026-05-10T08:00:00.000Z","modified":"2026-05-10T08:00:00.000Z","valid_from":"2026-05-10T08:00:00.000Z","name":"https://gmx-konto74.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://gmx-konto74.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053384582003642781"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a000c9de-4a89-5392-8d30-648fb1c8dc76","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"u28x.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'u28x.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44b57a02-646d-559e-b1b5-926d9bddd507","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://u28x.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u28x.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8878e283-9592-54c6-83f1-67c02d0c3f5d","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"z63k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'z63k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--007168d9-c1e7-5de1-a278-5769e5cccf32","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://z63k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://z63k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9be099e-2b70-5862-b6c4-c88f27dea486","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"r45x.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'r45x.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc875c71-b3bc-515a-9ac7-37111eefc8a7","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://r45x.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r45x.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9fbbe286-2b12-5129-9af5-f47579400799","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"a86u.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'a86u.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f20f068d-bb9b-5c23-ba40-85d50d49b12a","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://a86u.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://a86u.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--deb18f3e-5a69-5fde-b580-48c52f3309f6","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"g47t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'g47t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b92f1e5-f6f0-5375-b07c-d4d08a322be9","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://g47t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g47t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--06cf4d52-acd5-5ae5-aac1-f301d6d45a8e","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"t34d.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't34d.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1e5dc6e-c094-5b24-9a39-553fce2072d4","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://t34d.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t34d.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b14f156-37b8-5031-8c09-60235ebad290","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"k29h.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'k29h.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84ca451f-8a86-5fc5-9747-f5173647fb3f","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://k29h.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://k29h.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0795e3ef-ac8a-5a20-a851-768ce3499068","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"y28s.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'y28s.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba0613f7-7170-5142-a8a5-3f5b337fbfc6","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://y28s.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y28s.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9e02302-ed37-50e8-9b6a-a4eb5f9665ce","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"j75n.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j75n.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33694624-f74a-5247-aef0-544854528f53","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://j75n.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j75n.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4ea5e80-b434-5048-9b44-417250bfa65a","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"j82k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j82k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce0b0215-7b52-5a53-a6ce-0baaaf5fdcb6","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://j82k.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j82k.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92e967d3-4400-5f10-ab31-537d05968471","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"j69t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j69t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba7527b3-e4c8-5794-b3d0-00e56f92b6db","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://j69t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j69t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d92c4383-39ee-5b28-b869-dc3f792ea4ef","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"j56y.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j56y.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d219f4d2-9364-5d40-9902-52a6f9f5b08f","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://j56y.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b99a2089-aafc-5ad0-a87b-c56116e89620","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"r47b.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'r47b.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3287317-0816-50c6-851c-daeed976f724","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://r47b.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://r47b.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd933e21-d642-54f7-9f84-44ba1ab0f33f","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"p78t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'p78t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--516a6c73-94dd-5bd4-aa17-a69b82749b50","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://p78t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p78t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d12fb16d-bea5-5a58-9ef3-902bcb81f9c3","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"j56y.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j56y.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--55eedca5-76d5-5ad8-8018-52eba0a1b264","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://j56y.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j56y.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a91f80cf-0a45-5845-817c-2ac9acd02f94","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"v52e.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'v52e.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a972f110-f025-5a6d-b505-d1f2b6139da9","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://v52e.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://v52e.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1df3e60a-3000-54ad-b8fd-66f5b4bf245a","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"n58k.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n58k.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d84c6ea2-7c81-5f64-ab29-2bcf1f114362","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://n58k.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n58k.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f981f00c-c319-5daa-b76c-d321d6be14ff","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"j28t.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'j28t.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d7d1d15-187c-5795-8f29-006d01c773d7","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://j28t.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://j28t.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94d22e37-22d2-5604-b836-5c948c1946c1","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"v22a.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'v22a.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30fc5647-d002-544f-96f1-a099c2e1c51b","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://v22a.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://v22a.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--820a90a2-91e4-5eea-865b-69791f622533","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"y12p.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'y12p.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1aaad6be-2e40-528f-987d-306d06dfe4b2","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://y12p.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y12p.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--024f342b-c695-54a3-9a2a-35e8a992dce0","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"v42t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'v42t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d15ad7ec-3e94-5798-b19b-818548564fe4","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://v42t.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://v42t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc55e36b-f358-5374-a503-10ef8c375b3d","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"y66u.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'y66u.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd8de9b6-1e4e-5309-b7c3-744d97874f65","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://y66u.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y66u.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cbe0e4a4-0fcf-5521-9188-b117b59bb55d","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"s44n.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 's44n.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0833a69-4447-5128-859f-4dbee1693b2b","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://s44n.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://s44n.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76055abe-54c1-5d47-8fa2-2398ccc1c4c0","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"u84k.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'u84k.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1f76885-64b0-5941-ba21-18251cc058ac","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://u84k.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://u84k.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a890e500-89d8-5ec4-b938-0bedb264631f","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"g86d.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'g86d.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12d658bd-4f12-50ef-83f0-5d34c2d13221","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://g86d.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g86d.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e246d41-a2ac-5aef-9a9f-a8392f5a4837","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"y29v.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'y29v.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--51fe5ebb-e971-5848-b0f7-3f64713e365d","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://y29v.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://y29v.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f065b5de-ee47-59f7-bd12-aa9142eee523","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"b47t.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'b47t.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--552c7c07-132f-513d-86ba-838b72eb4758","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://b47t.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://b47t.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53934beb-8fbc-5c6c-847d-6d37fdf89378","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"t45r.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't45r.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f76be1e-d34e-5549-b000-f977f2c3d3ab","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://t45r.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t45r.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27a7e541-0793-57cd-acb5-1f217aaa89a6","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"g83u.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'g83u.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--672aeb71-36e6-5a3a-bd96-7095da9bbb7d","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://g83u.site","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://g83u.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d6ca7a1-99db-5755-89fc-dbfc6420ba69","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"f28n.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'f28n.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e766c30-afb4-5431-a80b-ffb2f85e028d","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://f28n.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://f28n.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5bd4bc5-d8ae-5403-aabf-bd14a60bf126","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"http://67.209.179.189","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://67.209.179.189']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bcbe0ac0-b5e1-5906-9248-637acec476fe","created":"2026-05-10T08:10:00.000Z","modified":"2026-05-10T08:10:00.000Z","valid_from":"2026-05-10T08:10:00.000Z","name":"67.209.179.189","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '67.209.179.189']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053387289636536712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7951f66-0667-5231-944d-77366f0a9e62","created":"2026-05-10T08:40:00.000Z","modified":"2026-05-10T08:40:00.000Z","valid_from":"2026-05-10T08:40:00.000Z","name":"31.3.218.73","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '31.3.218.73']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053394653836427316"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7dfbe2c6-b871-5bb3-b358-832db7177fdc","created":"2026-05-10T09:28:00.000Z","modified":"2026-05-10T09:28:00.000Z","valid_from":"2026-05-10T09:28:00.000Z","name":"c283d62a0b3a8b073dc436c71611f6d1ecb324b70a4f1c5cd46ec9b4beccd02e","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c283d62a0b3a8b073dc436c71611f6d1ecb324b70a4f1c5cd46ec9b4beccd02e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053406821767848397"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--945b5c33-448f-5675-bcd8-157edc2d9950","created":"2026-05-10T09:41:00.000Z","modified":"2026-05-10T09:41:00.000Z","valid_from":"2026-05-10T09:41:00.000Z","name":"mes4qo4rd6t3biyrm6q4twkquspzd7r4kg7va765nbdfxqgnc2w3pead.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mes4qo4rd6t3biyrm6q4twkquspzd7r4kg7va765nbdfxqgnc2w3pead.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2053410126988710029"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb6cb666-faad-5f1c-b69f-b59bc60f2c0c","created":"2026-05-10T09:41:00.000Z","modified":"2026-05-10T09:41:00.000Z","valid_from":"2026-05-10T09:41:00.000Z","name":"https://mes4qo4rd6t3biyrm6q4twkquspzd7r4kg7va765nbdfxqgnc2w3pead.onion","description":"IOC reported by @fbgwls245 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mes4qo4rd6t3biyrm6q4twkquspzd7r4kg7va765nbdfxqgnc2w3pead.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fbgwls245/status/2053410126988710029"}],"labels":["ransomware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b7bfb83-696e-529b-ad0b-5026fe1635d5","created":"2026-05-10T10:00:00.000Z","modified":"2026-05-10T10:00:00.000Z","valid_from":"2026-05-10T10:00:00.000Z","name":"roblox.com.ge","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'roblox.com.ge']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053414763573502092"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--829e2c12-962b-55f6-8600-9894ce5ceed1","created":"2026-05-10T10:00:00.000Z","modified":"2026-05-10T10:00:00.000Z","valid_from":"2026-05-10T10:00:00.000Z","name":"https://roblox.com.ge/communities/5040898348/","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://roblox.com.ge/communities/5040898348/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053414763573502092"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3293cfd-c7e7-5f5b-884b-86c89d9b7986","created":"2026-05-10T10:36:00.000Z","modified":"2026-05-10T10:36:00.000Z","valid_from":"2026-05-10T10:36:00.000Z","name":"178.105.102.230","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '178.105.102.230']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053423935656775950"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abe4515e-8825-5853-ae9b-289e965a0c8b","created":"2026-05-10T12:00:00.000Z","modified":"2026-05-10T12:00:00.000Z","valid_from":"2026-05-10T12:00:00.000Z","name":"vasudevrameshjangid.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vasudevrameshjangid.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053444986192998828"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f60d376a-fe2e-5c50-af76-958eb9b70453","created":"2026-05-10T12:00:00.000Z","modified":"2026-05-10T12:00:00.000Z","valid_from":"2026-05-10T12:00:00.000Z","name":"https://vasudevrameshjangid.github.io/clonenetbyvasu","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vasudevrameshjangid.github.io/clonenetbyvasu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053444986192998828"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba8d3d39-3420-54ee-9848-417e55fecfe3","created":"2026-05-10T14:00:00.000Z","modified":"2026-05-10T14:00:00.000Z","valid_from":"2026-05-10T14:00:00.000Z","name":"cloud-a34c2.web.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cloud-a34c2.web.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053475184879780230"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38ce0a24-db7e-586f-ac1f-3972dde9eca7","created":"2026-05-10T14:00:00.000Z","modified":"2026-05-10T14:00:00.000Z","valid_from":"2026-05-10T14:00:00.000Z","name":"https://cloud-a34c2.web.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cloud-a34c2.web.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053475184879780230"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd6f7d26-35ae-573a-8d5b-84c690f239c2","created":"2026-05-10T14:58:00.000Z","modified":"2026-05-10T14:58:00.000Z","valid_from":"2026-05-10T14:58:00.000Z","name":"dcqxqqx.dumzv.cn","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dcqxqqx.dumzv.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053489748489216001"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--983be40b-8093-52b1-acc9-e2849a18f2bf","created":"2026-05-10T14:58:00.000Z","modified":"2026-05-10T14:58:00.000Z","valid_from":"2026-05-10T14:58:00.000Z","name":"https://dcqxqqx.dumzv.cn/gpajp/accunt/lginox/","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dcqxqqx.dumzv.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053489748489216001"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1b6f075-1e86-54c2-a0c0-dc776910bea8","created":"2026-05-10T14:58:00.000Z","modified":"2026-05-10T14:58:00.000Z","valid_from":"2026-05-10T14:58:00.000Z","name":"meekys.mtffx.cn","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'meekys.mtffx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053489748489216001"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8dcff19-9c8a-5d1f-8a33-2620747f3b3a","created":"2026-05-10T14:58:00.000Z","modified":"2026-05-10T14:58:00.000Z","valid_from":"2026-05-10T14:58:00.000Z","name":"https://meekys.mtffx.cn/gpajp/accunt/lginox/","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://meekys.mtffx.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053489748489216001"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9a75741-e2a3-5729-8f80-5485d105ca40","created":"2026-05-10T14:58:00.000Z","modified":"2026-05-10T14:58:00.000Z","valid_from":"2026-05-10T14:58:00.000Z","name":"zamknj.xagnnx.cn","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zamknj.xagnnx.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053489748489216001"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15b42b24-f15f-56ac-a4b3-fdf01ae08d91","created":"2026-05-10T14:58:00.000Z","modified":"2026-05-10T14:58:00.000Z","valid_from":"2026-05-10T14:58:00.000Z","name":"https://zamknj.xagnnx.cn/gpajp/accunt/lginox/","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zamknj.xagnnx.cn/gpajp/accunt/lginox/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053489748489216001"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14646d38-f535-505d-9544-5d0ec6d3ce49","created":"2026-05-10T14:58:00.000Z","modified":"2026-05-10T14:58:00.000Z","valid_from":"2026-05-10T14:58:00.000Z","name":"165.154.231.146","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.154.231.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053489748489216001"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65ddd178-752d-52b2-bb23-35545a97df57","created":"2026-05-10T15:05:00.000Z","modified":"2026-05-10T15:05:00.000Z","valid_from":"2026-05-10T15:05:00.000Z","name":"n9.cl","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n9.cl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053491618225979711"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20583637-0e44-5fa1-9e0c-c1842d31290c","created":"2026-05-10T15:05:00.000Z","modified":"2026-05-10T15:05:00.000Z","valid_from":"2026-05-10T15:05:00.000Z","name":"https://n9.cl/tuhgeg","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://n9.cl/tuhgeg']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053491618225979711"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffc92d68-c3de-5f44-842a-7c65102280a9","created":"2026-05-10T16:00:00.000Z","modified":"2026-05-10T16:00:00.000Z","valid_from":"2026-05-10T16:00:00.000Z","name":"portal-kucoin-login-info.typedream.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'portal-kucoin-login-info.typedream.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053505409034449333"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e44990e-69a4-54e6-8659-e003c66c0b0d","created":"2026-05-10T16:00:00.000Z","modified":"2026-05-10T16:00:00.000Z","valid_from":"2026-05-10T16:00:00.000Z","name":"https://portal-kucoin-login-info.typedream.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://portal-kucoin-login-info.typedream.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053505409034449333"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c447df66-e196-5b85-afc5-35918f54ecfe","created":"2026-05-10T16:44:00.000Z","modified":"2026-05-10T16:44:00.000Z","valid_from":"2026-05-10T16:44:00.000Z","name":"193.169.240.81","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '193.169.240.81']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053516490687778916"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f108588f-ee80-5ed1-b3cb-e543a2808261","created":"2026-05-10T16:58:00.000Z","modified":"2026-05-10T16:58:00.000Z","valid_from":"2026-05-10T16:58:00.000Z","name":"ghostupdate.duckdns.org","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ghostupdate.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053520109134573579"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e15de357-c849-53fd-95c7-dc21af4214e1","created":"2026-05-10T16:58:00.000Z","modified":"2026-05-10T16:58:00.000Z","valid_from":"2026-05-10T16:58:00.000Z","name":"http://ghostupdate.duckdns.org","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ghostupdate.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053520109134573579"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d44f449-610b-504f-ae98-78de21ad3ef9","created":"2026-05-10T17:15:00.000Z","modified":"2026-05-10T17:15:00.000Z","valid_from":"2026-05-10T17:15:00.000Z","name":"798ed7dd5b733b82b05df7fe9f6f546f","description":"IOC reported by @ReBensk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '798ed7dd5b733b82b05df7fe9f6f546f']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ReBensk/status/2053524302776132078"}],"labels":["Android","Trojan","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2f02c70-5ab4-54ad-94c5-0912cfa55513","created":"2026-05-10T17:34:00.000Z","modified":"2026-05-10T17:34:00.000Z","valid_from":"2026-05-10T17:34:00.000Z","name":"dd03408b67f24d61832ab48fc5e41f11","description":"IOC reported by @ReBensk on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'dd03408b67f24d61832ab48fc5e41f11']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ReBensk/status/2053529232308117755"}],"labels":["Android","Trojan","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac74542c-c8a4-52c0-81ca-d5493e1dcb65","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"k1dash.treeslinks.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'k1dash.treeslinks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb96cdf2-b035-575f-9575-ac93e5dfff20","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://k1dash.treeslinks.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://k1dash.treeslinks.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86ff6a9d-88c1-56df-b0b4-97edc7d62183","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"ndocs5send.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocs5send.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82113f98-4111-5b69-8613-09df17007eca","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://ndocs5send.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocs5send.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81239bb3-2918-5d8e-ac7b-7a510def6d38","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"ndocs5link.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocs5link.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43f3402b-fd6e-5610-8292-dc475cd9f083","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://ndocs5link.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocs5link.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68b2c657-11a0-5bc7-9473-d853ffb28abc","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"ndocs8send.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocs8send.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--697e0a7a-d5aa-570e-a162-17ce2254c670","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://ndocs8send.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocs8send.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--634714e2-e431-507d-ad6b-de2d03be7fd6","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"com-account.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'com-account.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ec3f427-969c-5bc0-b7fa-81363ac779aa","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://com-account.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://com-account.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f97c4395-8e35-53c5-8d26-383395f97989","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"kakao.com-account.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kakao.com-account.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ada154d4-4e92-5429-b076-60f32abc78f8","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://kakao.com-account.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kakao.com-account.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b37e66c-ebe1-58a8-87b0-046e104bc76c","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"com-login.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'com-login.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--648ab9d7-50be-534b-8708-38e6843214d9","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://com-login.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://com-login.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--771e33c8-080a-572c-8eaf-c1ee9603c310","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"kakao.com-login.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kakao.com-login.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1955d6ec-39e4-5eab-99a5-d621fc604828","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://kakao.com-login.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kakao.com-login.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60a40414-fd34-5677-8662-4dd1d8366ee6","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"aldocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aldocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b829a3e7-0858-5c94-9c84-78dafbfdfe9d","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://aldocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aldocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e73ddf2-9d55-59fd-8cc2-b1d8f54e6170","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"ndocs-asend.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocs-asend.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2eb59ae-11f8-5e4b-93c1-4351a4bf2d67","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://ndocs-asend.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocs-asend.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ccf0fb85-c16e-5f07-bc97-c7753b0612f4","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"atdocument-hometax.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'atdocument-hometax.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d671352-f6e4-5f18-8278-e047496b2c3c","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://atdocument-hometax.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://atdocument-hometax.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3de41863-b12a-5de1-a681-57a67982742b","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"akdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'akdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46789540-e67b-5f4e-b2c5-fe5964f8a0cf","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://akdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://akdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65346ca0-62a4-5098-b5ae-5335f2f6d413","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"amdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'amdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63f60dd2-f2cb-5d30-8758-7e9b703c2bd3","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://amdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://amdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9aee9a8-4729-56ac-bebf-afa895170138","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"aodocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'aodocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ecd247a-967e-594e-9507-e35013d912ac","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://aodocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://aodocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--810949ca-be59-5547-af36-acd870178e44","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"ledocument-hometax.wjg.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ledocument-hometax.wjg.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d87fddf6-2b61-54bf-9d86-43c9118e338a","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://ledocument-hometax.wjg.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ledocument-hometax.wjg.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24999251-fb97-5a90-9613-c50d7c57d8ae","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"lldocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lldocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b496403-8005-5677-bb78-80e0134756fb","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://lldocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lldocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0676b36e-aa24-51d1-b00d-2a5e4046a464","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"lidocument-hometax.wjg.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lidocument-hometax.wjg.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c767a8cd-a757-5beb-8c61-91eed197e2b9","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://lidocument-hometax.wjg.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lidocument-hometax.wjg.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c2568ed-cb8c-59aa-b4aa-fd7f84adb83a","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"lndocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lndocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31ad925b-7914-5d65-912d-50328b053c63","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://lndocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lndocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8223145c-b072-574a-a935-60c901f91f25","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"lkdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lkdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2064cadc-f913-51e3-8651-a52645f1e4d4","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://lkdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lkdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3122ec76-98b0-5b00-ab9e-324b108218c7","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"lmdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lmdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc58a33c-d535-5c1c-9dc3-9e6b46b2e5e5","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://lmdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lmdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed5f7fa9-0598-56d2-994b-989a07e8b8ac","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"nndocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nndocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25d0b53a-97fe-54e6-9f78-357ffc2a167d","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://nndocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nndocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca11f41b-0ae4-5ec6-a003-11ce8382dd64","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"nldocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nldocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6bfb91b1-3d72-50bc-be23-7f14ebaa239c","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://nldocument-home.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nldocument-home.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f5816b5-ec89-5527-b910-f2aac81b4cd6","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"ntdocument-hometax.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdocument-hometax.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04ebdf31-a282-5627-a349-c02822d55e77","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://ntdocument-hometax.mydns.jp","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdocument-hometax.mydns.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e5da4d0-2597-5e91-954b-20fa0645efea","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"nidocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75c00ce8-052a-5b49-9fcc-6bf2e5ed3b5d","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://nidocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fa0b423-3eea-56c1-882c-ca62b77d51ba","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"nwdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nwdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cbd7dab1-1854-5cb2-b656-4bdb5116ab77","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://nwdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nwdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--992ed6e8-e42a-5bd7-a82e-9a605bfe1168","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"an.nwdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'an.nwdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77a15621-906c-5cb4-a931-08b8fcab7b08","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://an.nwdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://an.nwdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19ae2d01-561e-5a9b-aa74-98fb781313d7","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"nkdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nkdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5af23202-41f1-58f9-8587-0564b535c789","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://nkdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nkdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c61ada2-7470-5391-874f-4fa81d0dfd5d","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"nodocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nodocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0976ba05-24a0-53d4-9399-bd48a1d727cf","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://nodocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nodocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10465233-5f31-592b-b2f7-b5ded746badc","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"nmdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f631854d-f0dd-5fc6-8bd3-0e885df6cb79","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://nmdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nmdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c958ece8-42cd-5b0e-a2eb-487a746ddc35","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"mpdocument-home.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mpdocument-home.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8821557a-eb2a-5f53-aa1b-db1d34c28ad6","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://mpdocument-home.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mpdocument-home.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56c43b7e-7ae4-5e43-8aa3-893b4e7c664b","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"medocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'medocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4e688b4-d62a-5725-a46a-09e525092fa9","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://medocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://medocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6c3e145-fff0-527d-9978-02d73204e355","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"mtdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mtdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f65793d-3cfb-532d-b662-23982f7fceac","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://mtdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mtdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c53eb897-02a4-598d-b8bd-01fd5eda6e4d","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"midocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'midocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f93a1f6-4d94-590d-91b8-5c7aa88fdf7f","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://midocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://midocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0430479b-daa1-5c20-b9ac-29aca5ed0801","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"mkdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mkdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2774a9b2-ad88-598b-b7ee-5547c3c1db3d","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://mkdocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mkdocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0dc332b-8fe5-58a2-9efb-c2d3ff9de2f3","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"modocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'modocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0001221b-c96d-58c5-9f3f-858211e1e81a","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://modocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://modocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e8f01a3-8459-5794-b4ff-1fd7e4287d88","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"dn.modocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dn.modocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b1c2be4-ecf9-58dc-9428-4e6a2263212e","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://dn.modocument-hometax.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dn.modocument-hometax.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--004a1c72-3ec0-5a25-ada9-f0363ecbe69d","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"http://27.102.138.146","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.138.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e61b34b-092e-551e-8efb-423ac19f6ed7","created":"2026-05-10T17:35:00.000Z","modified":"2026-05-10T17:35:00.000Z","valid_from":"2026-05-10T17:35:00.000Z","name":"27.102.138.146","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.138.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053529359244271800"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a46a0d9-d726-5291-aa36-ad8fe4fa70ee","created":"2026-05-10T17:49:00.000Z","modified":"2026-05-10T17:49:00.000Z","valid_from":"2026-05-10T17:49:00.000Z","name":"docusign-signing-evelope65792.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docusign-signing-evelope65792.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053532840361402397"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1693d352-1c00-50d4-9199-7cef8e5b70f3","created":"2026-05-10T17:49:00.000Z","modified":"2026-05-10T17:49:00.000Z","valid_from":"2026-05-10T17:49:00.000Z","name":"http://docusign-signing-evelope65792.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docusign-signing-evelope65792.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053532840361402397"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0741263-eed8-57f0-b60c-0211778d9722","created":"2026-05-10T17:51:00.000Z","modified":"2026-05-10T17:51:00.000Z","valid_from":"2026-05-10T17:51:00.000Z","name":"goattechnologies.co","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'goattechnologies.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053533407791997401"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33f3b0f6-f0d5-5459-9b47-a2b7a17f74dc","created":"2026-05-10T17:51:00.000Z","modified":"2026-05-10T17:51:00.000Z","valid_from":"2026-05-10T17:51:00.000Z","name":"http://goattechnologies.co/wp-admin/js/DDDDD55666244hh4y4888111rfdr74gggghdd22122111usignnewcoded231view231%20(2).html","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://goattechnologies.co/wp-admin/js/DDDDD55666244hh4y4888111rfdr74gggghdd22122111usignnewcoded231view231%20(2).html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053533407791997401"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f8ed862-a020-5129-a9b7-99339a121f5a","created":"2026-05-10T18:01:00.000Z","modified":"2026-05-10T18:01:00.000Z","valid_from":"2026-05-10T18:01:00.000Z","name":"apptechnology.xyz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'apptechnology.xyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053535846674862439"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b5af872-a0d6-5f20-9299-dc9401c40677","created":"2026-05-10T18:01:00.000Z","modified":"2026-05-10T18:01:00.000Z","valid_from":"2026-05-10T18:01:00.000Z","name":"http://apptechnology.xyz/bluene-upload/approved-028484-downloads.html","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://apptechnology.xyz/bluene-upload/approved-028484-downloads.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053535846674862439"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad468974-f2a1-55db-a311-52826d5407b3","created":"2026-05-10T18:01:00.000Z","modified":"2026-05-10T18:01:00.000Z","valid_from":"2026-05-10T18:01:00.000Z","name":"accobymlrands.vu","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'accobymlrands.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053535846674862439"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--459c2db8-4bc6-5410-ae09-d82f0138f9b1","created":"2026-05-10T18:01:00.000Z","modified":"2026-05-10T18:01:00.000Z","valid_from":"2026-05-10T18:01:00.000Z","name":"http://accobymlrands.vu","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://accobymlrands.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053535846674862439"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f67daf0a-9e30-5a0e-9f87-706d870c3e41","created":"2026-05-10T18:16:00.000Z","modified":"2026-05-10T18:16:00.000Z","valid_from":"2026-05-10T18:16:00.000Z","name":"volorecoverydocuments.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'volorecoverydocuments.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053539599935263161"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca0604d9-e176-56d6-b12d-837c8b69bdfe","created":"2026-05-10T18:16:00.000Z","modified":"2026-05-10T18:16:00.000Z","valid_from":"2026-05-10T18:16:00.000Z","name":"http://volorecoverydocuments.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://volorecoverydocuments.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053539599935263161"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0123834d-288f-5556-9e75-baddf0dd2526","created":"2026-05-10T18:16:00.000Z","modified":"2026-05-10T18:16:00.000Z","valid_from":"2026-05-10T18:16:00.000Z","name":"961528b48b761f9f207978bc7ebac024","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '961528b48b761f9f207978bc7ebac024']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053539599935263161"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--41d3c5e3-4b17-5489-984c-b6825903f5eb","created":"2026-05-10T18:50:00.000Z","modified":"2026-05-10T18:50:00.000Z","valid_from":"2026-05-10T18:50:00.000Z","name":"7bebc4b248402dbf988b92eb7d9c86797bb302b983e63ce0d2dba96f0f8a345a","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7bebc4b248402dbf988b92eb7d9c86797bb302b983e63ce0d2dba96f0f8a345a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2053548124132581622"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1a91431-9256-5a27-b75b-38db5357551b","created":"2026-05-10T18:50:00.000Z","modified":"2026-05-10T18:50:00.000Z","valid_from":"2026-05-10T18:50:00.000Z","name":"c38c79fe170c54976c634f50e2a7ca090719366eabad58ec2011c18775c3366d","description":"IOC reported by @BlinkzSec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c38c79fe170c54976c634f50e2a7ca090719366eabad58ec2011c18775c3366d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/BlinkzSec/status/2053548124132581622"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b12989b3-ea97-5124-93a9-f6c8dc4ba09e","created":"2026-05-10T21:23:00.000Z","modified":"2026-05-10T21:23:00.000Z","valid_from":"2026-05-10T21:23:00.000Z","name":"medellin2026.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'medellin2026.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053586756302213195"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b54c4d4-9aef-527e-9570-eb75ec139535","created":"2026-05-10T21:23:00.000Z","modified":"2026-05-10T21:23:00.000Z","valid_from":"2026-05-10T21:23:00.000Z","name":"http://medellin2026.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://medellin2026.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053586756302213195"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5060d10-49e1-5541-8086-cb0b0ebfb710","created":"2026-05-10T21:23:00.000Z","modified":"2026-05-10T21:23:00.000Z","valid_from":"2026-05-10T21:23:00.000Z","name":"http://46.246.82.6","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://46.246.82.6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053586756302213195"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1faffe32-81d5-544c-9fdd-60fe212f2ec3","created":"2026-05-10T21:23:00.000Z","modified":"2026-05-10T21:23:00.000Z","valid_from":"2026-05-10T21:23:00.000Z","name":"46.246.82.6","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '46.246.82.6']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053586756302213195"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49cc0425-ef18-52e2-b95a-b8be3f69f85b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9576de29-bc4c-5549-b3e6-66bbb3e6771a","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4e72b08-a140-57f9-a1bb-29a9a1b00475","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"mail.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mail.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--038bab13-eac0-5ff0-ae09-2f9c3c4d2879","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://mail.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mail.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc07affc-d597-51de-aef7-415b7a2ca76c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"cpcontacts.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cpcontacts.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--857ea4e2-24c0-58ba-b944-954e5fd6d823","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://cpcontacts.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cpcontacts.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fdb0b77-155d-5134-94ca-f2cea89e922c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"cpanel.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cpanel.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90110475-e7ae-5f3a-b8e4-73e6034bf3fd","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://cpanel.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cpanel.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--423b0a5f-39e1-5ff9-ae13-f99c6cfc07d2","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"autodiscover.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'autodiscover.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fa91843-dbe4-5feb-9416-453c5feeb097","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://autodiscover.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://autodiscover.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4a79fd8-2811-5c33-a8b1-6c053afccb88","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"cpcalendars.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cpcalendars.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adc49191-a397-5c3f-badc-11b907ad0334","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://cpcalendars.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cpcalendars.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5324a746-f405-58df-b11d-75fdc777826d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"webdisk.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'webdisk.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53186467-b84a-55e5-81bd-bcb8666954ad","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://webdisk.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://webdisk.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae303986-2dee-5002-a055-713ae46d0e45","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"webmail.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'webmail.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cc8afd1-d530-55b8-91c3-711ef4b22984","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://webmail.xn--jj0bm3ks5m0ud95l6mlbqa.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://webmail.xn--jj0bm3ks5m0ud95l6mlbqa.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7b40b10-2147-5a6c-9a55-4600a4235c1a","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"qeing.qooglegle.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qeing.qooglegle.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--812ec12c-38b9-5356-8fd5-e2fcd524e7db","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://qeing.qooglegle.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://qeing.qooglegle.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c86c3943-98c1-514d-b07d-f727480e9512","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"mail.nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mail.nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--198580bb-00b7-5fd8-8174-2e7597fecea7","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://mail.nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mail.nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d03675d7-cb85-5400-abbd-bab1c2251b06","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f799fed0-370d-5fac-98a9-a73eefe31786","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a44ad71d-cda0-5176-b84e-50a3933c0874","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"usrcorps.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usrcorps.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6aab1018-4900-50fb-9e31-b00447ed237f","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://usrcorps.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usrcorps.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--acb70d05-c83d-5e59-80f7-54f508b30120","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b926697-5656-55e7-98a8-f7bc4edf6148","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b79f499-13c5-5947-a6b4-9741b6970188","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.severalrule.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.severalrule.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e87472f0-0861-5db1-8c9d-c3e4b123e25e","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.severalrule.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.severalrule.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f32a1d87-e7ab-5957-acaa-fdeb79fa8371","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"node.combookmark.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'node.combookmark.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dceeeccf-3386-5532-961c-ddced021e1e5","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://node.combookmark.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://node.combookmark.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d3262d7-b3e1-5564-b734-669ee61215ab","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"global.homeandroid.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'global.homeandroid.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5e8cd38-0757-5183-844f-78571fc08bef","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://global.homeandroid.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://global.homeandroid.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f88b4e8-5f68-5c63-8499-0ca8fb25b62a","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"view.checkoptionview.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'view.checkoptionview.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--911a73ed-597b-590a-95b1-5966ec03a87d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://view.checkoptionview.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://view.checkoptionview.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0383bff4-5cc9-5c06-b582-e0da0d6ee2ec","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"size.accountverification.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'size.accountverification.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8769152f-f74c-5d2a-8e93-76993ca5d50b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://size.accountverification.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://size.accountverification.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1eea58c-a35b-57dd-980f-472e2c25e381","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"retry.globalpayment.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'retry.globalpayment.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92d3d4c3-df0d-50d4-b494-aef814efd654","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://retry.globalpayment.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://retry.globalpayment.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b7ecaff-f604-56cc-975a-3e3d5357809a","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"node.onelinesvcads.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'node.onelinesvcads.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23c8a751-5e57-5a41-b230-19a921e8e347","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://node.onelinesvcads.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://node.onelinesvcads.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--476c6cf3-82e9-509e-9423-723607ead180","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"node.usermadver.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'node.usermadver.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eebd035a-e42f-50fe-9347-17b8965c3b3b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://node.usermadver.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://node.usermadver.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--994120a4-08fd-561a-a428-286023f9eb71","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"node.paymentglobalserver.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'node.paymentglobalserver.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8a45838-f81e-5338-b314-74014255bbe7","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://node.paymentglobalserver.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://node.paymentglobalserver.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b28c69a4-054a-5863-9867-37777ca72695","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"service.deliverymailsvc.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'service.deliverymailsvc.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--364a55a8-2e4b-545d-8eca-0f589673dddb","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://service.deliverymailsvc.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://service.deliverymailsvc.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4522ceb7-a45a-5ea7-808c-6bbe77f66bef","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"security.accountuquery.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'security.accountuquery.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f764a2a6-dd8b-5459-b25a-d0e44f631564","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://security.accountuquery.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://security.accountuquery.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04e1f677-b281-5975-84d4-03950b59a83e","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"login.usernormalsvc.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.usernormalsvc.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2eae41b4-085a-5915-a88a-c81a302cecc4","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://login.usernormalsvc.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://login.usernormalsvc.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--533842d3-5668-5a06-a2fb-d6b3ba9deb98","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"service.linkyoursecurity.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'service.linkyoursecurity.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cca79b3-7242-5232-a3d9-9c0c6ced4252","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://service.linkyoursecurity.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://service.linkyoursecurity.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d3f7593-ecc8-54d6-921d-ef11630d7667","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"loein.usrdeleteservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'loein.usrdeleteservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f3c2608-a74a-5340-aa44-13e722313393","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://loein.usrdeleteservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://loein.usrdeleteservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f00d1c4-2662-553f-bbb9-7beb744b818e","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"n.usrdeleteservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n.usrdeleteservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17ea99a2-cf84-5ef7-9d16-44e6f81f9484","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://n.usrdeleteservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n.usrdeleteservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--846b6f70-fb38-55eb-a285-a7d94b24e3d4","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"fy.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fy.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99d520e8-20bd-5a69-8b42-a1097f19edf5","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://fy.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fy.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd7cfd3e-ab2f-577c-bbbe-1c1fee75d51a","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"jser.billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jser.billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89bf67e5-4a41-51a1-ac70-88ec6b798c17","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://jser.billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jser.billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--050e1baa-308b-5e40-8181-2c0e5c981a32","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"verify.changepaymentoption.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'verify.changepaymentoption.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d88a529c-93c8-5c29-85e4-6d0ec0dfef8f","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://verify.changepaymentoption.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://verify.changepaymentoption.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--630e1742-cd6d-5df8-8cf3-140eac905089","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"45billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '45billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--339dfdca-d955-576c-aedd-7f7712529352","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://45billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc66e202-c81e-56c4-b664-6b26d57e31ef","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"45nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '45nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d2695aa-f68c-5bf4-a380-562727d61a75","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://45nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d66c8f5-f1c4-5f9c-a9bc-be71456e3afe","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"45chk.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '45chk.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6a041ff-f084-5629-851b-1fe81538bb69","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://45chk.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://45chk.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba91a144-d233-5b8c-acbb-bfa0c2d39c34","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"policy.usermemberauth.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'policy.usermemberauth.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c855e23b-7c11-5b36-a8fe-589fb8397103","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://policy.usermemberauth.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://policy.usermemberauth.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb155a2c-dba3-5c74-bd19-14e836eed7bd","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d3707d1-f7cd-5fc9-88ea-33a38555d9d9","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7dede71-97c1-5bd7-89bf-1f5d087e94d0","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"service.useraccountpolicy.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'service.useraccountpolicy.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5e7870d-910c-5dd8-80e7-8e9d2fdaf6ab","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://service.useraccountpolicy.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://service.useraccountpolicy.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91f80e33-8cbf-5232-b728-6c5a08677d78","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"user.billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'user.billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93c3d937-f15f-5054-ae8e-4a4cfd026bb6","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://user.billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://user.billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad269d20-9ec4-530a-959b-d77076549643","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--902491a8-2657-5a4f-b996-f025e15f2b21","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://billmatedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://billmatedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3748733d-2931-5b12-8343-bcbae2e8c42e","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"authenticateudoc.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'authenticateudoc.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db924131-026d-5786-9418-b4c7dba33757","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://authenticateudoc.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://authenticateudoc.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca6b6901-e92a-5fe2-a2e1-e04fbd01d869","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"doc.authenticateudoc.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc.authenticateudoc.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f27f299a-3c06-5f9d-9d7f-1ee3d0ceb092","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://doc.authenticateudoc.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc.authenticateudoc.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce84c309-642b-55d5-9218-02c6d979fbca","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"verify.authenticateudoc.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'verify.authenticateudoc.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25a44351-d8d0-5f03-840a-90663ea7ff90","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://verify.authenticateudoc.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://verify.authenticateudoc.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28c87bd1-3807-523e-b8f6-4581b83fe937","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"nipsreceivedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nipsreceivedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4303fee8-1117-53f7-9fd5-9856f4c46c19","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://nipsreceivedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nipsreceivedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c3fa482-2f21-59b7-b14d-ccd95e22de52","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.nipsreceivedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.nipsreceivedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--585e864a-eb37-59b6-b8a8-b5f21f8363c9","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.nipsreceivedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.nipsreceivedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92aa80dd-4792-5381-a41d-ca2b943bdf2b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.nipsreceivedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.nipsreceivedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e08e5a80-d2cc-529e-8141-cd17be21f66d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.nipsreceivedoc.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.nipsreceivedoc.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d7ab530-b965-5ae1-87f9-d8c1aeb86474","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--410f97cd-a686-500a-8a7c-7cb6c5c011ee","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9ca37f5-0a24-5372-a5a7-eab62e3057f3","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"chk.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chk.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be9b6a63-4a8d-5ef7-b6a3-5374ba883631","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://chk.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chk.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c7847dc-4e19-500f-91b6-dfc75b4f2235","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--679604c3-f3a3-5cb7-b2a5-43765adb352c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9eed81ad-8d1a-5a8c-88f8-830cea6e2a78","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"doc.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3917638f-2df5-5859-a9c8-3f3d9e7d9ea9","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://doc.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1b8449e-2177-52b4-9399-9e6aaae67252","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f67a42e6-46ae-5152-8142-7fd33987c93c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--646770a2-3547-5535-a249-ff5b24665dd9","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"verify.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'verify.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a270b7b4-169b-535a-ae9f-86173540ea9d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://verify.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://verify.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e508e0f-4979-52f5-b997-d2079d0d0b9d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d984a1d7-658c-5b76-9390-e94d0da41dd2","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.supportipsinvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.supportipsinvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7082be0-1db1-501a-9d14-fdcc6e6b8fa8","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"chk.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chk.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f6e5d2b-f36f-5b61-9427-dd7061d72b58","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://chk.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chk.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e446368d-53c5-54ee-b27c-afbc73cc6c79","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"verify.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'verify.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85475bd6-fb59-5609-8176-ca9fd6d602d2","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://verify.uncork.biz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://verify.uncork.biz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68ed52e3-2d40-54b2-a338-a8fb1838c5d8","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"ipsinvoicegoji.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ipsinvoicegoji.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ca9a935-acf5-52cd-adf7-cb0b9c1b366b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://ipsinvoicegoji.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipsinvoicegoji.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e057209-3a93-5946-9137-2e8687be55d1","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"edoc.ipsinvoicegoji.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edoc.ipsinvoicegoji.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24ddcfe1-88fd-54da-aebe-b49f3f3d7dcb","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://edoc.ipsinvoicegoji.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edoc.ipsinvoicegoji.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8110779f-e550-51da-9b04-a5fd0e6acab4","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"one.billmatedoc.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'one.billmatedoc.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25bd483a-e72e-53d2-b459-5350108b033c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://one.billmatedoc.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://one.billmatedoc.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--368adf70-7608-5425-b490-0e6a652afbf0","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"npuhostvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'npuhostvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f489f2f-e5ec-58c2-896e-2466a00fe6cc","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://npuhostvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://npuhostvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97cf51f4-1fae-5c6b-a7a4-71a7fbe748b2","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"randstring.npuhostvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'randstring.npuhostvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec8d664e-1664-5934-9393-c901c5be84da","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://randstring.npuhostvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://randstring.npuhostvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e298972-cdbf-56f1-9008-586ca9eb0b92","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"docinfo.nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad0b313e-adb8-54ba-930b-9f5f6ed7b998","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://docinfo.nhistargetlink.cloud-ip.cc","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.nhistargetlink.cloud-ip.cc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2053a6b-3ecc-587c-9a92-fac5819b6cca","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"verify.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'verify.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b136e83-aba9-56b5-b14d-15ce4e471681","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://verify.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://verify.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59a22fef-ebf5-5f66-9a00-50677dca7dc5","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--529a4113-d91d-520e-aad9-da4d45b83231","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86f1d16b-5366-5396-8361-54073eb19c56","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c4c74fd-4d79-589a-92e4-3e8e9da6d795","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47c12e98-6f60-5c55-a50e-801dcde2cda0","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"chk.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'chk.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f736b80-69a7-5520-8066-55b8dabb4ad5","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://chk.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://chk.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58888866-45f2-5f8d-9b26-6bd51a1a6658","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2290738-0886-5e48-867f-3d8098490004","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.accessmemberuid.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.accessmemberuid.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27153e41-fcfc-5f94-abbc-e7b5bd6422a8","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"usr.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usr.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7506c2c-7c9c-570e-9222-b64e4d6d3c4b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://usr.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usr.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b81b78f-27ee-5676-9814-7e76079489e9","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64518fc7-99fd-574a-8bb8-b3210c95b712","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--815929a4-5192-5970-b40c-55be67c6a066","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--598262cb-d12c-59a3-b8b0-0e60bde89474","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5be5a50d-eaf2-57f7-b333-15cf0cb22cdb","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61059bc0-8425-5698-afb6-ed1276ab8716","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c847c52f-c167-53a7-ad6b-4f9870c9a277","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"doc.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--149cc488-27c1-5b60-ad39-878ed859e9dd","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://doc.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff7c7996-09ed-58d2-ac39-2cf67beaf690","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"edoc.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edoc.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--efc1c422-8677-55a8-be82-8fa8a3836ae0","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://edoc.usrauthsystem.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edoc.usrauthsystem.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b692c60-09b7-5825-bfb0-7bb4eaf12605","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"usrsessioncheck.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usrsessioncheck.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5c33abc-7984-5b8c-916f-bc01db173a15","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://usrsessioncheck.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usrsessioncheck.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c81a95c2-c524-53d5-b998-75883cb1f878","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"login.usrdeleteservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.usrdeleteservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e1c5d0b-8ba0-57b3-a698-e4d2b3f8c987","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://login.usrdeleteservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://login.usrdeleteservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc6d9ddc-386b-57da-b027-6326eee1de27","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"access.usercorpsetting.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'access.usercorpsetting.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cd40e5e-8942-5ee0-8c31-3a9a61bde3a3","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://access.usercorpsetting.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://access.usercorpsetting.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--474356cc-0137-5655-9b40-600a83bea92c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"doc.ndocasset.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc.ndocasset.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b8b848c-2f9f-5e16-b160-4d382831a659","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://doc.ndocasset.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc.ndocasset.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffdaa372-df76-591c-8e0a-42a00b9dc80b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"ndocasset.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocasset.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a424427e-d932-5870-b7c8-1cdf0c6efcb8","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://ndocasset.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocasset.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8241135-41aa-5daf-bac3-203be48f5b37","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.okxdeliverasset.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.okxdeliverasset.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--324e2bb7-17f1-5a0c-a64e-b1facb1c75e8","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.okxdeliverasset.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.okxdeliverasset.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--299cd4e0-0e23-5365-91e5-a3e63a285e72","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.currentdoclist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.currentdoclist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2351cb7-5ca3-52fd-8cda-5f042bba2086","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.currentdoclist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.currentdoclist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cef7846f-3707-5db5-86be-dfe3fc2937cb","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"currentdoclist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'currentdoclist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e937b7db-5178-5fc0-ac8a-2de9e65f4f1c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://currentdoclist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://currentdoclist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6b30fa1-bd1e-5e32-bfc8-840536096391","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.verify.nappdeliver.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.verify.nappdeliver.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--95393c09-c734-5c91-bf02-e1a1d1877b59","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.verify.nappdeliver.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.verify.nappdeliver.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e6fe056-ebc1-5092-a4d9-d0532e793671","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"doc.verify.nappdeliver.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc.verify.nappdeliver.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd936531-9eb7-5d52-9e72-70e297ce81b2","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://doc.verify.nappdeliver.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc.verify.nappdeliver.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2027d37-c589-5600-b7d3-4cee11ab8b89","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aac38cdc-efff-5b45-98d7-ef736dd865a2","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0f9cd43-8e97-5c15-aae4-49183235fef3","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"userinfo.abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'userinfo.abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee842a31-9afa-5aac-b2a8-1425d870d8f1","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://userinfo.abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://userinfo.abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3711b93b-7630-524c-9c97-4ec7de5046b3","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"invoice.abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dda283d9-285a-532e-8e19-b4e1a1432c6f","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://invoice.abrs.heninvoice.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.abrs.heninvoice.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf6b32fc-1425-516a-8edf-1f95e0d9ad3d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"usrselectlist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usrselectlist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7fc15d46-d9ef-5f0f-afff-8070043be4f1","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://usrselectlist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usrselectlist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fe30588-608f-5634-b964-8009c0cffdf7","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"docempower.giize.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docempower.giize.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fa49edc-9bd6-5dbe-b507-94705c68b27d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://docempower.giize.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docempower.giize.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66016ec0-f448-59c2-91b4-ef679a6e5797","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"verify.docempower.giize.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'verify.docempower.giize.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--361c21ac-9aa7-5df1-b4f9-2da2f17a2409","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://verify.docempower.giize.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://verify.docempower.giize.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--153c06ad-4287-5c68-a071-05afe415527e","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"info.usrselectlist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'info.usrselectlist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1eb98123-2bcd-52a0-89fc-9683d128dc7c","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://info.usrselectlist.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://info.usrselectlist.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--468cf673-eb61-5a2c-89b8-cdeb14502589","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"repterminvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'repterminvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2f56252-056f-5f3b-bf7a-e49ef832e1a6","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://repterminvoice.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://repterminvoice.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b57265e-d9a5-5587-9045-1224d89f518e","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"login.siteuserverification.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.siteuserverification.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71d94339-ff34-529b-8687-c17c4605a305","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://login.siteuserverification.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://login.siteuserverification.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b33112a-f55d-5a38-9f83-41d3ed1d031b","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"access.userrecoveropt.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'access.userrecoveropt.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--73d737b3-ce27-5751-8048-bde19a514df8","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://access.userrecoveropt.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://access.userrecoveropt.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63dc74d8-5334-5c6e-87e5-2fc5005ec71d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"login.accountuserservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.accountuserservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3a649ee-4e59-5d1b-a3e0-a4d5ca11623d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://login.accountuserservice.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://login.accountuserservice.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ae589bb-5a3a-51fb-be9c-788e815b5442","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"login.accountverifications.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.accountverifications.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--32b14ce9-7349-563b-a4f2-4c3c5847a880","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://login.accountverifications.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://login.accountverifications.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34a29d79-bf8f-5e1d-8f42-2d5638540830","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"access.userreverify.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'access.userreverify.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7fd8fc40-5358-54db-afae-07dbba32e4af","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://access.userreverify.kro.kr","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://access.userreverify.kro.kr']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c5e7451-4a36-51ab-b04e-e144e004d4b1","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"targetinvaddress.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'targetinvaddress.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd4e3280-7e5e-5546-b4fe-04d3bd169362","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://targetinvaddress.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://targetinvaddress.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1131e8fb-be3e-506c-b39d-0db6a98e2424","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"doc.targetinvaddress.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'doc.targetinvaddress.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0644f04-26f8-5361-8af1-9452bbfa9fbe","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://doc.targetinvaddress.mydns.bz","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://doc.targetinvaddress.mydns.bz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d169baf3-c0ec-53c6-938a-77306073e49d","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"http://27.102.138.45","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.138.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1208755a-74cd-5d28-a2f5-afe51730ce2e","created":"2026-05-10T21:44:00.000Z","modified":"2026-05-10T21:44:00.000Z","valid_from":"2026-05-10T21:44:00.000Z","name":"27.102.138.45","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.138.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053592079918330349"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44435bb8-ea43-52f3-bc72-1d53264d3a9a","created":"2026-05-10T22:00:00.000Z","modified":"2026-05-10T22:00:00.000Z","valid_from":"2026-05-10T22:00:00.000Z","name":"taha1344.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'taha1344.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053595978125496548"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4ea99f88-b7c1-520d-89cb-bffa7fc9091f","created":"2026-05-10T22:00:00.000Z","modified":"2026-05-10T22:00:00.000Z","valid_from":"2026-05-10T22:00:00.000Z","name":"http://taha1344.github.io/Spotify","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://taha1344.github.io/Spotify']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053595978125496548"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d47decba-f159-5428-8915-6a600dd46f78","created":"2026-05-11T00:00:00.000Z","modified":"2026-05-11T00:00:00.000Z","valid_from":"2026-05-11T00:00:00.000Z","name":"re11133.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 're11133.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053626250023837980"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27350de3-6519-5901-80e5-d1c1e7a613c9","created":"2026-05-11T00:00:00.000Z","modified":"2026-05-11T00:00:00.000Z","valid_from":"2026-05-11T00:00:00.000Z","name":"https://re11133.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://re11133.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053626250023837980"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1fa25f9-8343-5b9e-90ed-c668731f851f","created":"2026-05-11T00:17:00.000Z","modified":"2026-05-11T00:17:00.000Z","valid_from":"2026-05-11T00:17:00.000Z","name":"cqizvybx.bhmsbp.cn","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cqizvybx.bhmsbp.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053630487198126535"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfc6e74f-2b2e-52f0-881f-b1768e3cb28e","created":"2026-05-11T00:17:00.000Z","modified":"2026-05-11T00:17:00.000Z","valid_from":"2026-05-11T00:17:00.000Z","name":"https://cqizvybx.bhmsbp.cn/iiufhys/eorio/loging/","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cqizvybx.bhmsbp.cn/iiufhys/eorio/loging/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053630487198126535"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21b7a6e1-82f8-54ad-942d-39d8f642f675","created":"2026-05-11T02:00:00.000Z","modified":"2026-05-11T02:00:00.000Z","valid_from":"2026-05-11T02:00:00.000Z","name":"135461223.site","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '135461223.site']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053656394256019686"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae9ac8f8-d9ed-5f72-b362-97fad46fd1df","created":"2026-05-11T02:00:00.000Z","modified":"2026-05-11T02:00:00.000Z","valid_from":"2026-05-11T02:00:00.000Z","name":"http://135461223.site/948/e64b5443-dfd0-47b7-9768-e62bcd731958/730140","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://135461223.site/948/e64b5443-dfd0-47b7-9768-e62bcd731958/730140']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053656394256019686"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8152397-8f6f-5bf5-8eb0-fb0169a2fd1a","created":"2026-05-11T02:50:00.000Z","modified":"2026-05-11T02:50:00.000Z","valid_from":"2026-05-11T02:50:00.000Z","name":"http://130.78.217.194:8888/bot.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://130.78.217.194:8888/bot.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2053669002140938351"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c10d0fda-06de-5483-ae97-e0d49957cc87","created":"2026-05-11T02:50:00.000Z","modified":"2026-05-11T02:50:00.000Z","valid_from":"2026-05-11T02:50:00.000Z","name":"130.78.217.194","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '130.78.217.194']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2053669002140938351"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c63619d-c263-55f5-a790-f451d480a92b","created":"2026-05-11T02:50:00.000Z","modified":"2026-05-11T02:50:00.000Z","valid_from":"2026-05-11T02:50:00.000Z","name":"06f55a73b369040bee42de084027d3dc","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '06f55a73b369040bee42de084027d3dc']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2053669002140938351"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--323eca74-77f1-5bbc-95b7-dcd16a3a29f0","created":"2026-05-11T04:00:00.000Z","modified":"2026-05-11T04:00:00.000Z","valid_from":"2026-05-11T04:00:00.000Z","name":"eth-login.webflow.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eth-login.webflow.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053686613176181096"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f5b541d-706c-5bb4-8e21-70106991a8e7","created":"2026-05-11T04:00:00.000Z","modified":"2026-05-11T04:00:00.000Z","valid_from":"2026-05-11T04:00:00.000Z","name":"https://eth-login.webflow.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://eth-login.webflow.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053686613176181096"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--06966599-9c7f-55fb-953d-b5777dbc782e","created":"2026-05-11T04:40:00.000Z","modified":"2026-05-11T04:40:00.000Z","valid_from":"2026-05-11T04:40:00.000Z","name":"85.239.155.68","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '85.239.155.68']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2053696616104857659"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--95800f76-9b44-56ec-a150-a2c1d0c947ac","created":"2026-05-11T05:22:00.000Z","modified":"2026-05-11T05:22:00.000Z","valid_from":"2026-05-11T05:22:00.000Z","name":"70.34.243.236","description":"IOC reported by @solostalking on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '70.34.243.236']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/solostalking/status/2053707334271279498"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e748b041-a8a0-5572-bd02-041ff894e1d8","created":"2026-05-11T05:22:00.000Z","modified":"2026-05-11T05:22:00.000Z","valid_from":"2026-05-11T05:22:00.000Z","name":"ransomware-c2.com","description":"IOC reported by @uuallan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ransomware-c2.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/uuallan/status/1781666262755561930"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3459e6fe-a078-5cf9-8ea0-a3b5fc8bf6b3","created":"2026-05-11T05:22:00.000Z","modified":"2026-05-11T05:22:00.000Z","valid_from":"2026-05-11T05:22:00.000Z","name":"http://ransomware-c2.com","description":"IOC reported by @uuallan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ransomware-c2.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/uuallan/status/1781666262755561930"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--634eee86-0ad3-500d-893c-7d69e8e2efdc","created":"2026-05-11T05:22:00.000Z","modified":"2026-05-11T05:22:00.000Z","valid_from":"2026-05-11T05:22:00.000Z","name":"ransomwarein.bio","description":"IOC reported by @uuallan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ransomwarein.bio']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/uuallan/status/1781666262755561930"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--26280804-4640-5ca0-95be-affe36b681d7","created":"2026-05-11T05:22:00.000Z","modified":"2026-05-11T05:22:00.000Z","valid_from":"2026-05-11T05:22:00.000Z","name":"http://ransomwarein.bio","description":"IOC reported by @uuallan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ransomwarein.bio']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/uuallan/status/1781666262755561930"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--164d0224-eb94-51d0-86c3-e928479f2084","created":"2026-05-11T06:00:00.000Z","modified":"2026-05-11T06:00:00.000Z","valid_from":"2026-05-11T06:00:00.000Z","name":"ayushsingh728.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ayushsingh728.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053716785858216045"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7681dcf0-df9c-5028-8f83-71cab7b079e8","created":"2026-05-11T06:00:00.000Z","modified":"2026-05-11T06:00:00.000Z","valid_from":"2026-05-11T06:00:00.000Z","name":"http://ayushsingh728.github.io/Netflix-Clone","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ayushsingh728.github.io/Netflix-Clone']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053716785858216045"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8655cd31-11af-5459-ab54-10c96464f4e7","created":"2026-05-11T06:25:00.000Z","modified":"2026-05-11T06:25:00.000Z","valid_from":"2026-05-11T06:25:00.000Z","name":"104.168.81.172","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.168.81.172']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053723171787035043"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--220dda2e-e30c-51ac-a796-3440bde76c78","created":"2026-05-11T06:25:00.000Z","modified":"2026-05-11T06:25:00.000Z","valid_from":"2026-05-11T06:25:00.000Z","name":"107.172.132.231","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '107.172.132.231']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053723171787035043"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c751534d-7e53-5ee1-b227-adac0aaba0a0","created":"2026-05-11T06:51:00.000Z","modified":"2026-05-11T06:51:00.000Z","valid_from":"2026-05-11T06:51:00.000Z","name":"totallyaboutweather.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'totallyaboutweather.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053729800372785348"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a6b3b91-5246-5b1f-bc37-5039c048c5c4","created":"2026-05-11T06:51:00.000Z","modified":"2026-05-11T06:51:00.000Z","valid_from":"2026-05-11T06:51:00.000Z","name":"https://totallyaboutweather.com/BpYeOhCAySak","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://totallyaboutweather.com/BpYeOhCAySak']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053729800372785348"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9d0297f-d447-52a7-a9ba-6b126a6f2c0c","created":"2026-05-11T07:28:00.000Z","modified":"2026-05-11T07:28:00.000Z","valid_from":"2026-05-11T07:28:00.000Z","name":"104.200.67.47","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '104.200.67.47']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053738879728099652"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59e52375-41a6-5995-b452-d10117e6cbf1","created":"2026-05-11T08:00:00.000Z","modified":"2026-05-11T08:00:00.000Z","valid_from":"2026-05-11T08:00:00.000Z","name":"amazonclone-steel-two.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'amazonclone-steel-two.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053747001083257213"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ddd75d75-e458-51e0-9516-b1d500e19bb5","created":"2026-05-11T08:00:00.000Z","modified":"2026-05-11T08:00:00.000Z","valid_from":"2026-05-11T08:00:00.000Z","name":"https://amazonclone-steel-two.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://amazonclone-steel-two.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053747001083257213"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a50718e-9ed0-5a1c-b84f-abc629ea1f1d","created":"2026-05-11T08:31:00.000Z","modified":"2026-05-11T08:31:00.000Z","valid_from":"2026-05-11T08:31:00.000Z","name":"99.83.192.149","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '99.83.192.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053754734268252309"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7488435-c1eb-5566-aa21-da11e31cfef4","created":"2026-05-11T08:31:00.000Z","modified":"2026-05-11T08:31:00.000Z","valid_from":"2026-05-11T08:31:00.000Z","name":"13.248.236.92","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '13.248.236.92']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053754734268252309"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b76978b-e050-57de-a988-eaf53a74d007","created":"2026-05-11T08:31:00.000Z","modified":"2026-05-11T08:31:00.000Z","valid_from":"2026-05-11T08:31:00.000Z","name":"3eb7ddfb99097f35279e3a44fff44ff27d19389da9ba99d65ccde9716f21b91c","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '3eb7ddfb99097f35279e3a44fff44ff27d19389da9ba99d65ccde9716f21b91c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2053754734268252309"}],"labels":["C2"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7681d30-0d2e-5236-851d-59f334c0ab72","created":"2026-05-11T09:21:00.000Z","modified":"2026-05-11T09:21:00.000Z","valid_from":"2026-05-11T09:21:00.000Z","name":"cloudcraftshub.com","description":"IOC reported by @nextronresearch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cloudcraftshub.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nextronresearch/status/2053767476651995310"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--192ff736-0d8e-587a-ac94-f1cd149d3cad","created":"2026-05-11T09:21:00.000Z","modified":"2026-05-11T09:21:00.000Z","valid_from":"2026-05-11T09:21:00.000Z","name":"https://cloudcraftshub.com/api","description":"IOC reported by @nextronresearch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cloudcraftshub.com/api']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nextronresearch/status/2053767476651995310"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e12a0bd-4f4f-5440-ac6d-9cf16221ea05","created":"2026-05-11T09:21:00.000Z","modified":"2026-05-11T09:21:00.000Z","valid_from":"2026-05-11T09:21:00.000Z","name":"f90e131ec641d1cda33800217bdf6295a0c95d8f4b2ef0406ecda78ce19685ad","description":"IOC reported by @nextronresearch on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'f90e131ec641d1cda33800217bdf6295a0c95d8f4b2ef0406ecda78ce19685ad']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/nextronresearch/status/2053767476651995310"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--67c97077-45f8-5b2c-a368-8477078218dc","created":"2026-05-11T10:00:00.000Z","modified":"2026-05-11T10:00:00.000Z","valid_from":"2026-05-11T10:00:00.000Z","name":"netflix-clone-omega-gules.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netflix-clone-omega-gules.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053777175304683701"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fcc8b3ee-0031-5a5b-806f-02125d98da0e","created":"2026-05-11T10:00:00.000Z","modified":"2026-05-11T10:00:00.000Z","valid_from":"2026-05-11T10:00:00.000Z","name":"https://netflix-clone-omega-gules.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://netflix-clone-omega-gules.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053777175304683701"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6805535f-142f-5277-9990-b68b3f4869a9","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"sncf-connect.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sncf-connect.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03103b22-a257-50c8-985f-27c7d4701bb7","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://sncf-connect.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sncf-connect.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d98dd74f-ab41-5c23-98d8-673339585a39","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"api.sncf-connect.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.sncf-connect.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c885738c-8d2d-5db4-814a-b7d3bf6100b0","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://api.sncf-connect.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.sncf-connect.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f9dcc2eb-1063-55da-b564-a1a5260d7345","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e916160d-c193-5c34-9bf9-7b12a59877c2","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c2bf04f-f13a-50f1-99ef-c9c7249e25f5","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"api.connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2791012-f172-53c6-87e5-13722c4bfffd","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://api.connect-sncf.my","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.connect-sncf.my']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--318fd33f-612f-5ba5-8c25-f8b491c6c6e4","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"api.sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8971f927-c2f8-5c9d-ba2c-c6a459ccc290","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://api.sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12b2aa5c-7c1e-51b1-a390-7c4de932280f","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--295cc224-7f89-53ff-ba58-cba81afd94f0","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07c7b3ea-b043-5d94-9fed-6006a648b11a","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"api.connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'api.connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62181a16-590d-57ce-a893-5b81b2ae7777","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://api.connect-sncf.me","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://api.connect-sncf.me']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b65d0383-46d6-5dad-91bf-234a04142bf1","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"connect-sncf.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'connect-sncf.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1b5c8d6-9c98-5235-8367-c8a3ac4b6ac2","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://connect-sncf.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://connect-sncf.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7130c4dc-9fb6-5790-9ca1-936929540d56","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d33e57c3-bde2-54fb-bddd-1ed570ae7dd8","created":"2026-05-11T10:33:00.000Z","modified":"2026-05-11T10:33:00.000Z","valid_from":"2026-05-11T10:33:00.000Z","name":"http://sncfconnect.cam","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sncfconnect.cam']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053785579007975442"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3faf920c-10a9-5fa5-b886-0faab94ebd31","created":"2026-05-11T10:39:00.000Z","modified":"2026-05-11T10:39:00.000Z","valid_from":"2026-05-11T10:39:00.000Z","name":"online-meet.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'online-meet.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053787086856343986"}],"labels":["ClickFix","SalatStealer","malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d68d09c5-9ab3-50b5-8919-09ffe960341a","created":"2026-05-11T10:39:00.000Z","modified":"2026-05-11T10:39:00.000Z","valid_from":"2026-05-11T10:39:00.000Z","name":"http://online-meet.com","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://online-meet.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053787086856343986"}],"labels":["ClickFix","SalatStealer","malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62c6d667-4d6c-5436-bd70-3151b0dc234f","created":"2026-05-11T10:39:00.000Z","modified":"2026-05-11T10:39:00.000Z","valid_from":"2026-05-11T10:39:00.000Z","name":"http://online-meet.com/files/update/uptodate.exe","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://online-meet.com/files/update/uptodate.exe']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053787086856343986"}],"labels":["ClickFix","SalatStealer","malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9eb3b92-6452-5eda-83b4-270c35cc7494","created":"2026-05-11T10:39:00.000Z","modified":"2026-05-11T10:39:00.000Z","valid_from":"2026-05-11T10:39:00.000Z","name":"8a132e7dd4876c87b5c425db32291bd54a2f3a477c78ceb4d29f297867a150fa","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8a132e7dd4876c87b5c425db32291bd54a2f3a477c78ceb4d29f297867a150fa']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2053787086856343986"}],"labels":["ClickFix","SalatStealer","malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--104e4db8-1aba-5e37-9d79-28ad7a3a8ce5","created":"2026-05-11T12:14:00.000Z","modified":"2026-05-11T12:14:00.000Z","valid_from":"2026-05-11T12:14:00.000Z","name":"http://151.243.18.254","description":"IOC reported by @cyberthint on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://151.243.18.254']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberthint/status/2053810895281655859"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90428b31-d8e1-5aa8-a4a6-85f0838d38e4","created":"2026-05-11T12:14:00.000Z","modified":"2026-05-11T12:14:00.000Z","valid_from":"2026-05-11T12:14:00.000Z","name":"http://94.26.83.199","description":"IOC reported by @cyberthint on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://94.26.83.199']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberthint/status/2053810895281655859"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--577f0678-d78a-5dd2-bea5-678db0d965d2","created":"2026-05-11T12:14:00.000Z","modified":"2026-05-11T12:14:00.000Z","valid_from":"2026-05-11T12:14:00.000Z","name":"151.243.18.254","description":"IOC reported by @cyberthint on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '151.243.18.254']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberthint/status/2053810895281655859"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8941e633-22d4-54ef-baec-3a11d2e52302","created":"2026-05-11T12:14:00.000Z","modified":"2026-05-11T12:14:00.000Z","valid_from":"2026-05-11T12:14:00.000Z","name":"94.26.83.199","description":"IOC reported by @cyberthint on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '94.26.83.199']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberthint/status/2053810895281655859"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dbcc2264-7d1f-5d9e-a452-91ec1064db48","created":"2026-05-11T12:14:00.000Z","modified":"2026-05-11T12:14:00.000Z","valid_from":"2026-05-11T12:14:00.000Z","name":"7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb","description":"IOC reported by @cyberthint on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/cyberthint/status/2053810895281655859"}],"labels":["ClickFix"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc9ecd08-8ac5-529b-a0fa-4776c69b6c14","created":"2026-05-11T12:28:00.000Z","modified":"2026-05-11T12:28:00.000Z","valid_from":"2026-05-11T12:28:00.000Z","name":"capture10.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'capture10.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053814460901732632"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c09e1ad-b17e-5690-9486-85f2579f008f","created":"2026-05-11T12:28:00.000Z","modified":"2026-05-11T12:28:00.000Z","valid_from":"2026-05-11T12:28:00.000Z","name":"https://capture10.com/o96zJvtiS5uZ","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://capture10.com/o96zJvtiS5uZ']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2053814460901732632"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d538023b-c2e1-5b42-9cdd-15cda7e5c425","created":"2026-05-11T12:58:00.000Z","modified":"2026-05-11T12:58:00.000Z","valid_from":"2026-05-11T12:58:00.000Z","name":"https://github.com/pd1-pd","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/pd1-pd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2053822000150483047"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40fa8a2c-b2aa-511f-a48e-3fdd9d166b05","created":"2026-05-11T12:58:00.000Z","modified":"2026-05-11T12:58:00.000Z","valid_from":"2026-05-11T12:58:00.000Z","name":"https://github.com/ud-pd","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://github.com/ud-pd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2053822000150483047"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd1c9d22-c3da-5b83-810e-d23154cedf1d","created":"2026-05-11T12:58:00.000Z","modified":"2026-05-11T12:58:00.000Z","valid_from":"2026-05-11T12:58:00.000Z","name":"56ff11e3d7de149ad251b6fd7e565a71","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '56ff11e3d7de149ad251b6fd7e565a71']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2053822000150483047"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--772bf496-7648-5886-938c-f89fb8c2689f","created":"2026-05-11T12:58:00.000Z","modified":"2026-05-11T12:58:00.000Z","valid_from":"2026-05-11T12:58:00.000Z","name":"c196e3eedb24812568521ec9cbcedf31","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'c196e3eedb24812568521ec9cbcedf31']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2051603312546594944"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a807af1d-9bca-52d8-a943-11eada56d17e","created":"2026-05-11T13:28:00.000Z","modified":"2026-05-11T13:28:00.000Z","valid_from":"2026-05-11T13:28:00.000Z","name":"74399b1d6c287ae48db67fc5e3aa5a28","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '74399b1d6c287ae48db67fc5e3aa5a28']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2053829556080144482"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6426abc3-a6f5-5926-8120-414982d699c9","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"http://77.110.124.112","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://77.110.124.112']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--15063dda-4695-5396-bf0f-1c6bc3b4e2ae","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"iuwef.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'iuwef.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--db5f35c6-c74d-5f57-b93e-ce2a60f7c85d","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"http://iuwef.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://iuwef.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ab560ff-caf0-5672-ba26-746316069ad0","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"koqwh.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'koqwh.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--21ec6392-4d32-5e1c-94cd-d7b75789b357","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"http://koqwh.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://koqwh.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ef4abd4-3eb3-5454-8096-daad45144d14","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"lonjfq.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lonjfq.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--680674c5-8519-54da-8e94-0926a0580dc9","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"http://lonjfq.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://lonjfq.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--61e17b70-2c7b-5a61-baf9-16ca01945c83","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"77.110.124.112","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.110.124.112']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2053831195322904663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--647d8194-de00-53d7-b93a-d5288f02c913","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"http://86.54.25.202","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://86.54.25.202']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046290992052244803"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9ea5dc6-9ad9-59e7-9dba-87850cf389e0","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"http://86.54.25.204","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://86.54.25.204']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046290992052244803"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--69128c45-1c94-57a0-ab4b-68e34cadd9c7","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"86.54.25.202","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '86.54.25.202']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046290992052244803"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd49a93b-0f9e-5d2c-a167-7444289536da","created":"2026-05-11T13:34:00.000Z","modified":"2026-05-11T13:34:00.000Z","valid_from":"2026-05-11T13:34:00.000Z","name":"86.54.25.204","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '86.54.25.204']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2046290992052244803"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4158df9a-140e-52fb-9a32-ecad74ed121f","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"ndigitals.in","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndigitals.in']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4072e5d3-ae8b-5032-b6ad-d7058edcea07","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"https://ndigitals.in/payloadvbs.b64","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ndigitals.in/payloadvbs.b64']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1018ef49-4686-5e14-819a-ec38b27eb291","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"morrismusicltd.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'morrismusicltd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1e18e42-8629-5807-bfe1-b49cb9b0e61d","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"https://morrismusicltd.com/report-proeval.php","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://morrismusicltd.com/report-proeval.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--adb59374-e754-5312-aea0-28078293ec86","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"vothequine.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'vothequine.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7e3612a-ae61-5ae2-b1bb-13f493fce7ba","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"https://vothequine.com/sunrise.txt","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://vothequine.com/sunrise.txt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--865c4684-c991-5106-a2df-3164bbee1c2b","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"smartheartboardgame.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'smartheartboardgame.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa7b3d9f-0b73-5878-b06b-526a4aa0d495","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"https://smartheartboardgame.com/report-proeval.php","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://smartheartboardgame.com/report-proeval.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e261828f-3db1-5eb7-b643-d3eda4b881f4","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"ristorantezago.it","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ristorantezago.it']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8d11fe9-df27-5e3f-8cda-ba5e06d4e9fe","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"https://www.ristorantezago.it/sunrise.txt","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.ristorantezago.it/sunrise.txt']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--525d01a8-c40b-5f78-a717-1ade57cf72c1","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"fcc1abd4122c4aa6f6f7722d7d3b093b95aeb84ee697239978e6201aa88cf4da","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'fcc1abd4122c4aa6f6f7722d7d3b093b95aeb84ee697239978e6201aa88cf4da']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b90dcf50-81f8-5d39-a96e-378dd0b6314b","created":"2026-05-11T13:58:00.000Z","modified":"2026-05-11T13:58:00.000Z","valid_from":"2026-05-11T13:58:00.000Z","name":"8b7d9c3085decba6895528bc26003059c779ede983e24f629c26d867f58edcb9","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8b7d9c3085decba6895528bc26003059c779ede983e24f629c26d867f58edcb9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053837248433467708"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f33b768-b834-5f58-b43b-38603342eb52","created":"2026-05-11T14:00:00.000Z","modified":"2026-05-11T14:00:00.000Z","valid_from":"2026-05-11T14:00:00.000Z","name":"onlineicloud.support","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'onlineicloud.support']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053837577736618133"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adc417bc-14e4-5461-abbd-50e7b7919b59","created":"2026-05-11T14:00:00.000Z","modified":"2026-05-11T14:00:00.000Z","valid_from":"2026-05-11T14:00:00.000Z","name":"https://onlineicloud.support","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://onlineicloud.support']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053837577736618133"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e90bf08-ee99-5ab6-af3d-8a22cd319f4d","created":"2026-05-11T14:01:00.000Z","modified":"2026-05-11T14:01:00.000Z","valid_from":"2026-05-11T14:01:00.000Z","name":"http://146.103.106.59","description":"IOC reported by @RussianPanda9xx on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://146.103.106.59']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RussianPanda9xx/status/2053837915185111061"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7306270b-92ac-5cca-9dd5-67a1ca421f6c","created":"2026-05-11T14:01:00.000Z","modified":"2026-05-11T14:01:00.000Z","valid_from":"2026-05-11T14:01:00.000Z","name":"146.103.106.59","description":"IOC reported by @RussianPanda9xx on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '146.103.106.59']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/RussianPanda9xx/status/2053837915185111061"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2076982b-e8fd-5c89-81c7-eda2a22b6118","created":"2026-05-11T14:45:00.000Z","modified":"2026-05-11T14:45:00.000Z","valid_from":"2026-05-11T14:45:00.000Z","name":"hotel-stay32181.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hotel-stay32181.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2053848962306572344"}],"labels":["booking","phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86ac0936-bc36-5772-a513-ab1d0bdfdd05","created":"2026-05-11T14:45:00.000Z","modified":"2026-05-11T14:45:00.000Z","valid_from":"2026-05-11T14:45:00.000Z","name":"https://hotel-stay32181.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hotel-stay32181.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2053848962306572344"}],"labels":["booking","phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e848bec-929c-57ae-b017-ac8d33878483","created":"2026-05-11T16:00:00.000Z","modified":"2026-05-11T16:00:00.000Z","valid_from":"2026-05-11T16:00:00.000Z","name":"briuoqrakq.firebaseapp.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'briuoqrakq.firebaseapp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053867795616579759"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--381814e7-ffba-5df5-a7e3-c62efd141774","created":"2026-05-11T16:00:00.000Z","modified":"2026-05-11T16:00:00.000Z","valid_from":"2026-05-11T16:00:00.000Z","name":"https://briuoqrakq.firebaseapp.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://briuoqrakq.firebaseapp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053867795616579759"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--126a6254-1029-51e5-9f48-10999fc2564b","created":"2026-05-11T16:21:00.000Z","modified":"2026-05-11T16:21:00.000Z","valid_from":"2026-05-11T16:21:00.000Z","name":"ins-tagram.com","description":"IOC reported by @tobersotski on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ins-tagram.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/tobersotski/status/2053873168721334344"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6dfaa99e-a971-5dd5-965b-731fd0a91808","created":"2026-05-11T16:21:00.000Z","modified":"2026-05-11T16:21:00.000Z","valid_from":"2026-05-11T16:21:00.000Z","name":"http://ins-tagram.com","description":"IOC reported by @tobersotski on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ins-tagram.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/tobersotski/status/2053873168721334344"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e302f6a-0bb9-5af8-8682-41e6b7c45c1f","created":"2026-05-11T16:34:00.000Z","modified":"2026-05-11T16:34:00.000Z","valid_from":"2026-05-11T16:34:00.000Z","name":"ne12bradesconetempresapj.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ne12bradesconetempresapj.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2053876482544488938"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9398d220-e643-550b-b8c4-674863a067a4","created":"2026-05-11T16:34:00.000Z","modified":"2026-05-11T16:34:00.000Z","valid_from":"2026-05-11T16:34:00.000Z","name":"https://www.ne12bradesconetempresapj.com/acesso-seguro.php?token=1325787116a022c49017d69.66885194","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.ne12bradesconetempresapj.com/acesso-seguro.php?token=1325787116a022c49017d69.66885194']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2053876482544488938"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21de909c-11b8-53fc-a61b-946e6fe3615e","created":"2026-05-11T16:34:00.000Z","modified":"2026-05-11T16:34:00.000Z","valid_from":"2026-05-11T16:34:00.000Z","name":"181.214.221.46","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '181.214.221.46']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2053876482544488938"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4be993e0-755d-5e15-948a-2f6bc25a73d6","created":"2026-05-11T17:27:00.000Z","modified":"2026-05-11T17:27:00.000Z","valid_from":"2026-05-11T17:27:00.000Z","name":"mytax-organizerad12cc52-3ef8-4c42-8474-8165bcb2c546.hendakuffventures.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mytax-organizerad12cc52-3ef8-4c42-8474-8165bcb2c546.hendakuffventures.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2053889768879206643"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af8116fc-e0c3-514c-b0c8-fde8be647100","created":"2026-05-11T17:27:00.000Z","modified":"2026-05-11T17:27:00.000Z","valid_from":"2026-05-11T17:27:00.000Z","name":"http://mytax-organizerad12cc52-3ef8-4c42-8474-8165bcb2c546.hendakuffventures.com/com.php","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mytax-organizerad12cc52-3ef8-4c42-8474-8165bcb2c546.hendakuffventures.com/com.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2053889768879206643"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15386c3c-2a68-550f-87e3-d359d4524d19","created":"2026-05-11T17:27:00.000Z","modified":"2026-05-11T17:27:00.000Z","valid_from":"2026-05-11T17:27:00.000Z","name":"b956e00320c4d41e5122a9a94d7cd03f4d5b109b64fc84ccccc777042df65738","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'b956e00320c4d41e5122a9a94d7cd03f4d5b109b64fc84ccccc777042df65738']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2053889768879206643"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a434f45a-2135-5cfa-8b3b-9d7de47e84ef","created":"2026-05-11T17:46:00.000Z","modified":"2026-05-11T17:46:00.000Z","valid_from":"2026-05-11T17:46:00.000Z","name":"mcabinnesotaimplangroup.vu","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mcabinnesotaimplangroup.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2053894478675783712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15988709-3672-503d-843d-96791a976da8","created":"2026-05-11T17:46:00.000Z","modified":"2026-05-11T17:46:00.000Z","valid_from":"2026-05-11T17:46:00.000Z","name":"http://mcabinnesotaimplangroup.vu","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mcabinnesotaimplangroup.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2053894478675783712"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62c195d1-058f-5ef7-a855-6f856619a2cb","created":"2026-05-11T18:00:00.000Z","modified":"2026-05-11T18:00:00.000Z","valid_from":"2026-05-11T18:00:00.000Z","name":"mailnotice008.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mailnotice008.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053897976167195099"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71909647-5173-50d3-a308-0b7911184f42","created":"2026-05-11T18:00:00.000Z","modified":"2026-05-11T18:00:00.000Z","valid_from":"2026-05-11T18:00:00.000Z","name":"https://mailnotice008.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mailnotice008.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053897976167195099"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe87da60-d0ea-5f9b-a09f-b9f825b07dc0","created":"2026-05-11T18:00:00.000Z","modified":"2026-05-11T18:00:00.000Z","valid_from":"2026-05-11T18:00:00.000Z","name":"nid-navernet.onthewifi.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-navernet.onthewifi.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053897946023006597"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6029cd88-0125-5d18-bd27-44cd0cbf1837","created":"2026-05-11T18:00:00.000Z","modified":"2026-05-11T18:00:00.000Z","valid_from":"2026-05-11T18:00:00.000Z","name":"http://nid-navernet.onthewifi.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-navernet.onthewifi.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053897946023006597"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb6d949-690e-570f-9326-f47d4e3ea1f8","created":"2026-05-11T18:00:00.000Z","modified":"2026-05-11T18:00:00.000Z","valid_from":"2026-05-11T18:00:00.000Z","name":"http://27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053897946023006597"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41e64fd-bb60-5e1c-a8ea-f62b098b645e","created":"2026-05-11T18:00:00.000Z","modified":"2026-05-11T18:00:00.000Z","valid_from":"2026-05-11T18:00:00.000Z","name":"27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2053897946023006597"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d2b325a-91ab-5a9b-a948-8e88ab31ce16","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"updatesubs-netfilx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'updatesubs-netfilx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24f0f36b-94f5-5b0d-8d3d-6492b7061926","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://updatesubs-netfilx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://updatesubs-netfilx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f88456e4-50dd-5ef7-94b7-923d238532ca","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"member-area-netfilx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'member-area-netfilx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e63eed89-94cc-5952-9226-e3e571db3123","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://member-area-netfilx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://member-area-netfilx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--045a5f2b-103b-58c2-8ac6-f9eac1ecd637","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"netfilx-account.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netfilx-account.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c30c0357-42ca-5029-a60a-6b33f2d18adf","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://netfilx-account.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://netfilx-account.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9cc6de1-6a87-5016-a1ee-cce4784bf14b","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"netfilx-rejoin.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netfilx-rejoin.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef0704cd-be8c-5aae-8d6e-c65ffd8f6bf9","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://netfilx-rejoin.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://netfilx-rejoin.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db58082f-d8d4-5d78-88b0-af87ba8d2373","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"netfilx-membership.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netfilx-membership.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7728a5f0-34a1-5cad-b9d3-d1e7f976de21","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://netfilx-membership.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://netfilx-membership.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b5d1bc2-a662-5442-8d98-8906e6384347","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"my-etoll-service.vineluxe.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'my-etoll-service.vineluxe.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4698bf1-4350-537d-82e0-72909fba8925","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://my-etoll-service.vineluxe.store","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://my-etoll-service.vineluxe.store']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1220509-29d5-5865-91d4-9de0305de7f7","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"e-zpassiags-april.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-zpassiags-april.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29176ad9-816b-5a79-9130-60a2f15983ef","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://e-zpassiags-april.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://e-zpassiags-april.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98329a68-420b-56d8-bad1-26dda983aeb1","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"jangenam.ooguy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jangenam.ooguy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e844af0f-5933-5df8-8111-dce496cc0405","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://jangenam.ooguy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jangenam.ooguy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7340a07-2e21-587a-bdf7-1ccb1d978c78","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"ezpassiags-march.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ezpassiags-march.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1c80ef8-8c4e-56bd-884d-f03fd77463b4","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://ezpassiags-march.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ezpassiags-march.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d553525-dc33-5fe0-bc02-d180a4d6b281","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"etoll-ezpass-notify.bumbleshrimp.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'etoll-ezpass-notify.bumbleshrimp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24b9b70d-6767-572b-9e96-ad6da5a1e38f","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://etoll-ezpass-notify.bumbleshrimp.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://etoll-ezpass-notify.bumbleshrimp.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c279439-e6e4-5552-a7db-0321413a40d1","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"etoll-blling-ezpssiags.mysynology.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'etoll-blling-ezpssiags.mysynology.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adc3b6c0-64e9-58a2-908f-c09bb340850a","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://etoll-blling-ezpssiags.mysynology.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://etoll-blling-ezpssiags.mysynology.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--acae64e8-ce7d-522a-aff7-321fad129e15","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"ezpssiags-etoll-02.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ezpssiags-etoll-02.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a10cb89-c86a-55f9-b0d8-b9ce7d267be7","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://ezpssiags-etoll-02.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ezpssiags-etoll-02.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7b6eec9-afcf-51ad-b5f0-f34ba8262160","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"ezpssiags-bill.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ezpssiags-bill.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a31029f-bb0e-50a9-b7c4-f1f4fbb45e68","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://ezpssiags-bill.1cooldns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ezpssiags-bill.1cooldns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89b5c883-fbc8-5e06-b9e8-7d1788e799e5","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"etoll-ezpssiags.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'etoll-ezpssiags.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ac610ba-033c-5993-b6f9-7d5863b9c0c4","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://etoll-ezpssiags.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://etoll-ezpssiags.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ff3c03c-0b3d-5248-8453-835b6f7b6da3","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"http://150.136.252.61","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://150.136.252.61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ef84dee-b97a-51b6-aec1-355d9db9ce89","created":"2026-05-11T18:30:00.000Z","modified":"2026-05-11T18:30:00.000Z","valid_from":"2026-05-11T18:30:00.000Z","name":"150.136.252.61","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '150.136.252.61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053905532377833708"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a34c44b8-30cc-5c0e-9de7-af4a2e462161","created":"2026-05-11T18:34:00.000Z","modified":"2026-05-11T18:34:00.000Z","valid_from":"2026-05-11T18:34:00.000Z","name":"http://142.171.160.137:8888","description":"IOC reported by @SansLimit3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://142.171.160.137:8888']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SansLimit3/status/2053906675430568281"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fbc5133a-217e-57cc-a235-84f768361be3","created":"2026-05-11T18:34:00.000Z","modified":"2026-05-11T18:34:00.000Z","valid_from":"2026-05-11T18:34:00.000Z","name":"142.171.160.137","description":"IOC reported by @SansLimit3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '142.171.160.137']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SansLimit3/status/2053906675430568281"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6c1d11c-bcab-52df-828e-ab3a9d7a8d43","created":"2026-05-11T18:34:00.000Z","modified":"2026-05-11T18:34:00.000Z","valid_from":"2026-05-11T18:34:00.000Z","name":"142.171.149.169","description":"IOC reported by @SansLimit3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '142.171.149.169']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SansLimit3/status/2053906675430568281"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4976b5d8-909e-5b90-8ce9-7ca6d53d36f5","created":"2026-05-11T18:34:00.000Z","modified":"2026-05-11T18:34:00.000Z","valid_from":"2026-05-11T18:34:00.000Z","name":"100.81.245.29","description":"IOC reported by @SansLimit3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '100.81.245.29']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SansLimit3/status/2053906675430568281"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d054d4a4-90da-5870-ae8c-b9c1173b6cdb","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmpoemqnmpj.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmpoemqnmpj.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b9a4b56-ea99-52ce-8762-57753047f8f5","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmpoemqnmpj.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmpoemqnmpj.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--800b675d-5381-5555-bcb8-b1b790cc990d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imlbioxai.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imlbioxai.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d25c5f2d-a89c-54f1-8c58-1aa25d56ab55","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imlbioxai.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imlbioxai.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3e729f2-d2a0-520d-8d52-a339a94d7765","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmqgollpaij.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmqgollpaij.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fda142c-a7fc-57ff-906a-b3cc5ea16df6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmqgollpaij.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmqgollpaij.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ab01c1b-2852-594f-b075-86f3bad04acb","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmyappwlwza.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmyappwlwza.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98fc17a7-dce3-5883-babd-79282306c89a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmyappwlwza.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmyappwlwza.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1feeefe-dfff-5ab5-bf6d-73fe7257c887","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmvxsybqika.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmvxsybqika.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3425720f-cb2a-5cc9-8839-4f28b2c570d3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmvxsybqika.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmvxsybqika.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c620406-5eae-5068-8651-9d98f67c9f8a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmmdkbebist.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmmdkbebist.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--118be536-2842-5a52-b13a-c7a6c245df3a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmmdkbebist.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmmdkbebist.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07d8363b-51a8-50a7-bb06-6bf21932b19f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmvtckrtdus.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmvtckrtdus.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b28fe1bf-0385-5290-bc22-155fb1a067d4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmvtckrtdus.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmvtckrtdus.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0963b1fd-e30a-5766-a698-e175e77bc610","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmfrpejvtno.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmfrpejvtno.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2cf1480-726e-539c-9ae2-d3dfae17288a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmfrpejvtno.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmfrpejvtno.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--484316f0-6717-5737-89ab-173ea7521d6b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmiwoyseqiv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmiwoyseqiv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46330670-86bd-5d29-90c2-770465645eb3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmiwoyseqiv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmiwoyseqiv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01762379-6621-5378-9dcb-546c170f2bac","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"jmezzkwochd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jmezzkwochd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--beca453c-70a8-5447-acf2-022ce25c85cd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://jmezzkwochd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://jmezzkwochd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff56044a-d582-5423-8bda-01dc9037376d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imboeznibuk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imboeznibuk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dde74601-04fa-5258-a6ff-dd8a230d6007","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imboeznibuk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imboeznibuk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82505cf8-cba6-57e5-81c3-924296028413","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imtzdrlecxv.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imtzdrlecxv.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3ba3e24-f730-5331-a531-5a05e9c54ea8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imtzdrlecxv.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imtzdrlecxv.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--022ae418-e177-53b3-b2ca-d1c270e13d84","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imvfptssn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imvfptssn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05b8d5da-326d-59b2-af30-dc50f5063391","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imvfptssn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imvfptssn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cf4e3db-b0ce-5b4b-8acf-0bab27199858","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzmfkbbsewp.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzmfkbbsewp.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58765b6b-afe0-5dc4-a4ed-710b3a064c35","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzmfkbbsewp.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzmfkbbsewp.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--287ab754-527e-5afd-b5b5-a23af9f29def","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzvenuidipk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzvenuidipk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22a5b06b-5d59-5a80-a8c6-bc59b76edabc","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzvenuidipk.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzvenuidipk.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f6d433f-ecb4-5312-bec5-27afb25dafa1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzrgwbmxiuj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzrgwbmxiuj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e1d4142-82a5-548b-8fe2-57332f86f8b5","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzrgwbmxiuj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzrgwbmxiuj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03960af0-d89b-530f-8282-31d85beb8e89","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzsnlfjbutu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzsnlfjbutu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cc3cee0-e3f5-574f-8554-40616e4f36bd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzsnlfjbutu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzsnlfjbutu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--156646d5-b005-5687-a734-f768b4172c05","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzbvmihrfuq.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzbvmihrfuq.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b4f1dfe-a7b4-5547-a9b7-7c3483f17561","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzbvmihrfuq.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzbvmihrfuq.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dcd1931c-43be-544d-86d1-fd816456440d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzvuhwepflo.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzvuhwepflo.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b18f582b-f91e-5ff7-a064-2ae35a39bcd8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzvuhwepflo.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzvuhwepflo.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c42d2d96-b00f-50ae-98c0-4f1080631c76","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzsimgxmjse.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzsimgxmjse.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a5c2ef-fdf2-5ada-9332-e620b2045cb1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzsimgxmjse.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzsimgxmjse.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7799800-848f-5a84-9af3-2ca16ed5ba87","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzhaeuhucba.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzhaeuhucba.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c553d624-ee14-545b-af21-4eec25ec9a8f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzhaeuhucba.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzhaeuhucba.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebc190e3-1789-50ef-862f-37d41a92a7f0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzfznmyeovb.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzfznmyeovb.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42b0c3af-78e7-5c6d-9842-adfce9ddd99b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzfznmyeovb.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzfznmyeovb.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc16127a-c044-5198-a008-6586d6d1de38","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzomshrstkm.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzomshrstkm.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--477224b4-dea8-5fc3-8063-72891f38d323","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzomshrstkm.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzomshrstkm.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd22130d-70f3-5de4-931a-ea029a3ebbef","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imyflphhjqu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imyflphhjqu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a7cde8f-eedd-58b1-9404-10e9578f9c6c","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imyflphhjqu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imyflphhjqu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8970a5d0-1cfb-53fa-9198-7df823b064c7","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imweqtnvyqw.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imweqtnvyqw.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2d1b89d-ad4f-5e99-88ab-09aa03c86d86","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imweqtnvyqw.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imweqtnvyqw.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--784641ee-51c0-5aa6-b623-850517669fa0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imhsvamtlso.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhsvamtlso.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3b05606-1583-5e99-a592-a3b1cbb3c8b1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imhsvamtlso.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhsvamtlso.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07ce300e-3e84-5830-8553-6a98149f18c6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imhyuyzlmix.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhyuyzlmix.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aad5dc39-42aa-549b-b45f-bddb0dcaecda","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imhyuyzlmix.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhyuyzlmix.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c44578ef-8383-5c50-98d2-f4f6392c11c3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imxdxzhmtju.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imxdxzhmtju.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f21ba838-feaa-582b-a729-0095a2d81ef1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imxdxzhmtju.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imxdxzhmtju.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d23ed644-47c0-5c0c-86a6-2f9294d6ed10","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imnxofrpdik.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imnxofrpdik.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82d32ff2-0952-5b36-9351-c43b4aab5e58","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imnxofrpdik.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imnxofrpdik.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34ce6f9e-3c1d-59fa-8e31-9d265032f013","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imiiuyuvhfe.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imiiuyuvhfe.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7946fcee-dc6d-53c7-b97f-93decfb2efdb","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imiiuyuvhfe.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imiiuyuvhfe.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a9f75c8f-4e0d-5a43-85be-dd90b267922b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imypevsnxap.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imypevsnxap.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ea8825c-5a74-5de5-b377-bb762187d914","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imypevsnxap.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imypevsnxap.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02e5ceab-d99e-5f9e-a17c-56766ff65cc3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imhsiexkoyz.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhsiexkoyz.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92d48e7c-fc5c-5d80-8b11-107315c52f32","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imhsiexkoyz.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhsiexkoyz.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2db7ccbe-2a5f-5a7a-8671-a3521bdefede","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imorelrlvgj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imorelrlvgj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7864eae-8749-5c14-98f2-8fd413082e3d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imorelrlvgj.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imorelrlvgj.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86c7b73e-06e9-5998-8037-fa710b53b450","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imlqzydpehu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imlqzydpehu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb6495fe-9e27-5f3a-b110-e2d59ebe9ad6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imlqzydpehu.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imlqzydpehu.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f9bfef1-431d-5913-8607-47b40954e1b6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imnnaghfftl.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imnnaghfftl.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03d08577-ee0f-5383-ac77-d9167c6de8c2","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imnnaghfftl.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imnnaghfftl.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--087999d2-941f-50e9-8c38-f3e88567ceb9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"impolsmes.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'impolsmes.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bad33c4-974a-5138-b03f-97f95bafb446","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://impolsmes.abrdns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://impolsmes.abrdns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca139711-1dd5-57b6-aab2-1e60b5a95e46","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imltrdtzo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imltrdtzo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--530bdeaf-8037-5f64-8d1a-77968cbc5cfb","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imltrdtzo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imltrdtzo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--717fe050-50e1-5ee1-9af5-0cd3018919e4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imhpqwwma.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imhpqwwma.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46d9ccf1-7115-5bbb-92ae-36e0ddf16c3d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imhpqwwma.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imhpqwwma.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce021e54-0692-59f2-bb20-13756e987082","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imeij2jof.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imeij2jof.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29ab1e4b-9822-5a88-be64-528bc4fb8aaf","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imeij2jof.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imeij2jof.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7c5361e-8f64-5747-9837-3ae0dffe98b8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imnrhbcpg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imnrhbcpg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe39fb67-6454-56e7-86d6-92471d40ab4b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imnrhbcpg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imnrhbcpg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4b05fe8-7a41-5ce4-a069-29baea13145b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imqkodvnh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imqkodvnh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ff9347c8-d176-5859-8de5-cad9984ddeb1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imqkodvnh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imqkodvnh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f17e361e-f06e-5efd-9b03-b6de448e279e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imawiirlf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imawiirlf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44239f23-0436-526d-96a5-8e58cee0f967","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imawiirlf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imawiirlf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d02463ce-7c78-5d4b-abe6-e144479b2803","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imdildckx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imdildckx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f5410e9-0c1b-5a8d-95b5-4dedb8ad31e5","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imdildckx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imdildckx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eefc789f-2dce-5d42-b4e9-10e80f203ee1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imfueakgr.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imfueakgr.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c33c4ca2-6ec7-50eb-a7d7-49b78f337048","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imfueakgr.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imfueakgr.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--216ed232-8a9d-54ba-989a-2b0c38f1cd8b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imeqlvedp.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imeqlvedp.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c96ca4de-e510-53d3-9220-2a8b4ed8e881","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imeqlvedp.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imeqlvedp.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d15ff38-19d0-563d-92c3-0bb34f59df0b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imzrutppj.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imzrutppj.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--952d8df9-08be-51a4-b1d6-2fbaa58dbd68","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imzrutppj.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imzrutppj.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9577d6e-58e1-590e-897e-2823a540b997","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imwywutdl.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imwywutdl.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--419f27b1-71b0-53f4-a3f6-70c8636fffe1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imwywutdl.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imwywutdl.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e29ad360-4d7f-59ec-990f-c5fa13bae047","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imofwmyzu.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imofwmyzu.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c65e5ace-074b-5a35-83a7-e114abf0a7a1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imofwmyzu.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imofwmyzu.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9db6db4d-396f-5a1d-bee3-bea9e3800eab","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imklevubf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imklevubf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34410625-2864-5cd6-81c0-6c52156e5bf1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imklevubf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imklevubf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe6ab11b-ee92-561a-a718-b041e2edd093","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imwfbmotn.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imwfbmotn.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--146644d7-36b4-5eab-84ca-43d8e40e7d28","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imwfbmotn.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imwfbmotn.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7df04a25-9598-5107-8680-054f3c26377c","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imuvtahho.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imuvtahho.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7833d61-e628-5631-b7aa-e64600026375","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imuvtahho.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imuvtahho.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44bdc968-4616-516f-b0af-8b20fae9acae","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imqyeosse.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imqyeosse.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8bf1a6f-baaa-5f59-bad0-67dbc778f443","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imqyeosse.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imqyeosse.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--456a11e5-b981-51bb-bb93-eee675111655","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imkxrlawh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imkxrlawh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--841bee73-720e-5e71-95f4-30b24bd3ab07","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imkxrlawh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imkxrlawh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a10b8c5b-d0bc-558f-9a50-03c735335cb9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imgkbwcaa.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imgkbwcaa.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98e8e909-2729-5cb4-9519-a2d64ebf37d0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imgkbwcaa.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imgkbwcaa.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53090444-3c51-5eed-ac96-7c9b928e965d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imevznwcg.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imevznwcg.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b025f6b-f154-5460-9ddc-b21a3535f48d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imevznwcg.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imevznwcg.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b9fbcb1-e103-5b90-a482-460295fa920d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imewesroh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imewesroh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8912f788-26be-5ca7-8044-488418ef597f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imewesroh.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imewesroh.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ba9437d-3875-525c-b8d6-ef2cda3e73ab","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imacfgmbf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imacfgmbf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5d30b61-0fe3-5d10-b64c-0f696cb9b613","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imacfgmbf.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imacfgmbf.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f59fa26f-6d60-5c25-b704-0666738701e8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"imeasniku.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'imeasniku.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f70a6272-7742-5f51-8f04-323ff70cbe50","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://imeasniku.v6.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://imeasniku.v6.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c9098838-4803-5050-a812-137b3d84429f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmxpybvuc.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmxpybvuc.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd0c086f-bad2-52e6-8ebb-c3f387e162f3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmxpybvuc.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmxpybvuc.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb842801-41f6-50c3-83a8-2e9b87e9012b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmhszflpi.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmhszflpi.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--082769c3-bc10-51e5-b69b-a7c1d0b329cc","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmhszflpi.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmhszflpi.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34394504-3bf7-57d5-8621-c761e6db2ab6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmlgnwldm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlgnwldm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e53fcfb2-88cb-5ec7-927e-4ce95f815446","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmlgnwldm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlgnwldm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e82e51f-99cb-5215-92db-b8a68f5a6b29","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmmslgieh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmmslgieh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e55d7a67-8939-51ff-81c3-e4fc1eeff194","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmmslgieh.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmmslgieh.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ef1aa08-a590-5669-9094-ee3f6c22fdd1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmxazemwg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmxazemwg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f645bf3-2a2c-54a0-b9e1-f0f7bd843bc0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmxazemwg.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmxazemwg.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ba39be2-5155-5222-8c9d-1b6c1021986f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmitjxofe.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmitjxofe.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--960f3b90-4a71-5943-89b9-aead61b8fa45","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmitjxofe.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmitjxofe.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--141500ad-04e3-5ab7-81e9-b43d05920eb0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmlvlkmrx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlvlkmrx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4388a145-d58e-5dca-a6e7-052cd51cafff","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmlvlkmrx.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlvlkmrx.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56fa2cd8-84b1-5f8f-8248-4e9c9fe74604","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmdihnrqd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmdihnrqd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--022b5392-8ac4-5d78-a5c6-eaa95799615c","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmdihnrqd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmdihnrqd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--053b1a5c-781f-533f-8a8a-5a01dbe179a9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmlxyvdfd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlxyvdfd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0601fd4-c703-59a9-b1c8-4f143b47635e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmlxyvdfd.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlxyvdfd.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f86f2b0-34f5-526d-aea8-8cd66ceb7e51","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmluuuyqv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmluuuyqv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a0c9774-5c97-515d-b284-9c98a8816226","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmluuuyqv.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmluuuyqv.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dad5f0c8-89ee-57f1-98f2-8e30298baa66","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmlicoxiy.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlicoxiy.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20c3db4e-89c3-50b4-8148-0e9dda25db58","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmlicoxiy.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlicoxiy.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9e22d6f-ff88-5596-bc87-ae2285291528","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmpavordl.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmpavordl.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f63be246-3693-5b8a-be16-3dcc0ca66aa8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmpavordl.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmpavordl.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e471e109-bf66-536d-89d6-52eba52771b6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmpzzjggs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmpzzjggs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1516122b-56e8-568b-a1c6-61b6129f3c43","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmpzzjggs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmpzzjggs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc91eb8a-c782-53c3-a90e-2efd83ea517a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmvrbxkgs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmvrbxkgs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c3102ce-75df-5fb3-9f7b-59f8a3099ffe","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmvrbxkgs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmvrbxkgs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--521849b2-7d13-5769-889b-067f7cddc6ed","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmqmrttdo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmqmrttdo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52260713-0d0f-5a90-85c8-3e4127eab023","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmqmrttdo.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmqmrttdo.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9f5ab22-a894-5ad1-a493-9da68bb36790","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmgysllbn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmgysllbn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ce0f481-ea4b-55e1-a92f-97e742fc867e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmgysllbn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmgysllbn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f0a63a6-9ce0-541f-875e-99203c76e526","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmbjutevk.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmbjutevk.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ae6434e-bd91-5d06-8cfa-0a6a557b0bbc","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmbjutevk.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmbjutevk.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--371a3a8e-b030-53bd-843e-aa02b6d92c7d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmlojxudi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlojxudi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba003de5-ff87-5327-83a2-038935f51ab2","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmlojxudi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlojxudi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92d9a166-4a7c-51d5-bb53-d84700acedd9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmalfgloi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmalfgloi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cafbf246-657b-5596-a41e-83e42086c4e2","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmalfgloi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmalfgloi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9195ca3c-c3b9-565f-9dbf-d65574bc7680","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmaiyvhxx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmaiyvhxx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--964e90cd-3d4d-54bc-9a8b-9f2182908d87","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmaiyvhxx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmaiyvhxx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e78d764-ad25-521e-a2ca-24dbc1475f01","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmshyqlvd.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmshyqlvd.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd46c997-d9d0-5ecc-ae14-1b1b7ba47e7d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmshyqlvd.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmshyqlvd.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26126a71-0e77-53e4-b688-460c1c6af242","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmpomqnzl.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmpomqnzl.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03448f12-bac5-57dd-8fb4-856fef0a51de","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmpomqnzl.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmpomqnzl.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9cc2635-511a-5c2e-882a-a0ad5f87d2d1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmrtuleuq.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmrtuleuq.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dfaae312-23e3-52d7-811f-f031b7015b7f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmrtuleuq.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmrtuleuq.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db79c681-d0a7-5558-b1e3-5050ffe10956","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmnqgrdvi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmnqgrdvi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--addb9cba-e80b-59ff-bb51-8454bacea26b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmnqgrdvi.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmnqgrdvi.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37305010-5768-592d-841a-f04ef4b39b1a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmypfihui.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmypfihui.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66f63e99-be4a-5565-8559-94e8ed59ebbc","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmypfihui.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmypfihui.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5015cc98-04d3-5ec1-93f7-b42ec049e62a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmlwykhre.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmlwykhre.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a564734-1c93-5931-977a-e5e450ba847c","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmlwykhre.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmlwykhre.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--968da71a-439b-565e-ace9-45d815752b3b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"hmhlfzokh.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hmhlfzokh.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05290247-8442-5ddc-8779-64d22fe416dd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://hmhlfzokh.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://hmhlfzokh.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4d3dcbf-dbe0-57f1-ab34-d26cf08b1a71","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gseminuko.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gseminuko.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fccc606-6f99-5183-99bb-b4a0cbc7e208","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gseminuko.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gseminuko.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--402d27ce-3301-5304-93a8-6510937d6521","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmnwdhnupf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmnwdhnupf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2c0e3fe-e932-5fcc-b6e5-ac161f2a50d9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmnwdhnupf.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmnwdhnupf.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1446c885-acc1-5f9a-9af9-1fa176ff8d07","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmjryqloxn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmjryqloxn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb51a11e-a821-5569-9f68-e57de7805be3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmjryqloxn.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmjryqloxn.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bfff3411-7c44-5a23-9711-d8911e9df9b2","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmvbchibgq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmvbchibgq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e71a78dd-f084-56b3-8900-71ed2428becb","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmvbchibgq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmvbchibgq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36a558cc-2de1-5ba8-8b22-8466cdd452ef","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmhbilzscs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmhbilzscs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c254869-e837-5dd3-9876-e845ae122ffe","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmhbilzscs.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmhbilzscs.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d786bc57-7c7a-5b42-a44b-8cc3f866e39e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmycyrkwsq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmycyrkwsq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2634c8cd-f15e-5214-b12b-a2d4dc0dafdc","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmycyrkwsq.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmycyrkwsq.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--210d9a98-8cb2-59c8-bd5b-b234bbe25886","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmeinuljww.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmeinuljww.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c477f544-c611-57a2-9b8c-d43f260efadd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmeinuljww.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmeinuljww.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7d0e7a1-6e63-5768-a428-d6a32b2eacfd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmgwuancky.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmgwuancky.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--019b0f84-c6d8-5cb4-9b3b-42e2bda9d762","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmgwuancky.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmgwuancky.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a00019fa-392d-5515-b6d4-77ca526a58db","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmdqriyusm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmdqriyusm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed440d35-5743-5967-aee6-a4503e992cc5","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmdqriyusm.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmdqriyusm.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6c904b5-b193-557b-b02c-c32a9061b832","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmfvuwioeweh.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmfvuwioeweh.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4cf7709-becc-5193-ad0c-6f31c64fa8b3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmfvuwioeweh.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmfvuwioeweh.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad9291b4-9ff3-54da-ab71-4f52cf4fe389","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmgwuahbji.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmgwuahbji.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adb59e44-b403-581e-981e-4851c00b0214","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmgwuahbji.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmgwuahbji.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d5a266e-610a-579e-82b8-fdad8df4bdc0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gmbxacmels.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gmbxacmels.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ef90042-7e2e-5bc2-a134-e15528de6ccd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gmbxacmels.v6.rocks","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gmbxacmels.v6.rocks']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a72a24e-44f5-59f0-b206-2d1db2118295","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gpointedinfo.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gpointedinfo.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9de9e5dd-7eb9-5ee1-87d2-18152ba40fe8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gpointedinfo.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gpointedinfo.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2523070b-99a0-5104-810d-fa1bfc54252f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gpotmains.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gpotmains.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--901876eb-a908-5159-ae49-a8507cebb9d3","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gpotmains.twilightparadox.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gpotmains.twilightparadox.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0b760978-6c13-5970-a1ff-466324b388bb","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"fpericyjin.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fpericyjin.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3cc21a6-9aa8-56b0-962f-dad4eb0c038b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://fpericyjin.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fpericyjin.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4320fa17-4343-54e7-b67b-8dc08f25e49d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"folkd9info.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'folkd9info.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8835b3d-dada-5ed7-a4b0-ec181a590f2f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://folkd9info.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://folkd9info.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97cb7f3a-9418-5f95-8872-eb54ec1c19f6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"flexinfon.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'flexinfon.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49f7824f-2ce8-550b-8523-14d70c3fa993","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://flexinfon.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://flexinfon.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6f543bc-0a20-50ba-bac9-d9d96b2c4a25","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"fkonsqilz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fkonsqilz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a486e4f-75e2-5d16-a24d-2cd79101f999","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://fkonsqilz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fkonsqilz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17941875-265a-51d0-a546-ea234c9e3da4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"fisnispull.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fisnispull.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce8f8d48-3088-5f92-9063-1e42c3d0115d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://fisnispull.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fisnispull.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a82a820c-6293-527f-a2ab-858cd882102b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"fhozinftei.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fhozinftei.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ba28c9e-9ff3-5874-a7f7-0e2c31ec94ad","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://fhozinftei.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fhozinftei.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--622de4f6-93ec-5f04-8b40-e3b5d92de548","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"eonse71hc.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eonse71hc.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63f60a6a-8b0e-5e06-b5be-1e0e84574e09","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://eonse71hc.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eonse71hc.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93269fdf-1c4e-5b37-b803-9dcfe9d356b2","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"fhopcixim.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fhopcixim.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dadb9761-b317-5a04-a38a-06480a0f8179","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://fhopcixim.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fhopcixim.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48051202-d83b-53e5-94fb-cdf3c8019203","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"fearinronz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fearinronz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56954d24-a0b3-55e4-948c-ea2c88e67f07","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://fearinronz.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fearinronz.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--484108aa-c3bf-5a2c-959c-816465ef243e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"fcaset29.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fcaset29.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f3af1db-ddb3-5938-8543-fd11e1880ec4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://fcaset29.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://fcaset29.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31f94461-9605-545c-8cd4-2e9d1063046e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"epa12cdiq.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'epa12cdiq.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89238fbc-8927-5908-8d10-b8d5b40f754e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://epa12cdiq.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://epa12cdiq.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--959d8a22-a98f-5f00-b51b-184d8563af9e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"ec8yxeon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ec8yxeon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43da6fee-2b9c-5b84-8fc3-8fb1cfca20df","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://ec8yxeon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ec8yxeon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--09a46f03-0b4a-5908-8c18-de52d891207e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"edn8uo7z.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edn8uo7z.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b43bb69d-1476-534b-a306-ecceac4cc517","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://edn8uo7z.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edn8uo7z.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd911ca3-afa7-518c-b133-e828330ffc64","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"eo90boios.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eo90boios.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6350e48-92db-57ed-a95c-1d219c149bb4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://eo90boios.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eo90boios.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--865cda2c-1cb5-5a8d-8bf6-86387cf3674d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"e1ia92c90tz.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e1ia92c90tz.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1962a6be-1e4d-5799-aece-cc13223d14e9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://e1ia92c90tz.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://e1ia92c90tz.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--706d8bb3-1804-59b6-a59a-dc64754a3d13","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"einfa8a30.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'einfa8a30.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7365ef04-4d1a-5a07-a136-8802b9e96dde","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://einfa8a30.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://einfa8a30.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--963a8f34-f419-5d02-ae8f-c0749c556d30","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"ef125dioaz4.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ef125dioaz4.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d00588fd-0ed9-5486-a709-9e205ba0510c","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://ef125dioaz4.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ef125dioaz4.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7d27d4b-78e5-535e-8907-c66f7ed8431f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"evisin193.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'evisin193.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c54f464e-19cd-5a20-9b4f-9fcba2259cd4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://evisin193.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://evisin193.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1de01ed7-4fa2-5c8b-896c-fb3fc0668a2a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"esimdgit1.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'esimdgit1.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--360b805b-9b3a-518a-892c-243716cf07b0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://esimdgit1.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://esimdgit1.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cf8094a-a4bd-5da7-b1ae-e180850dc3ee","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"daurora.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'daurora.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26b91549-3b94-5fe7-82bc-f43130dec81a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://daurora.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://daurora.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b9e6fa7e-6bd5-541d-939b-9acbd0fd6afa","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"dtickaree.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dtickaree.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c600466-ec0d-51a6-9e69-fdc37af496a1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://dtickaree.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dtickaree.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc1af65b-7174-5589-bef4-0f52110cea77","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"duxopenor.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'duxopenor.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--13d24792-f365-5952-a30e-4f70cefc5ebe","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://duxopenor.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://duxopenor.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--17ed1f40-7feb-554e-acdf-6e926bd30b65","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"dynazdom.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dynazdom.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fb9a942-14ff-54ae-a4c9-5d1db727503f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://dynazdom.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dynazdom.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02f1d717-fd84-5e04-a9d8-3c294e4f6ee2","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"dsarapiz9.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsarapiz9.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f44237ce-16c7-593f-bd78-161cf0fdefcc","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://dsarapiz9.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dsarapiz9.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58585d08-e3fa-5e4e-85ac-a3ab83902574","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"dso9asops.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dso9asops.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd15e282-0356-5aca-a771-9acf45535326","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://dso9asops.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dso9asops.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--141b2e84-8ed2-5990-b536-4a2203391fd7","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"dcamso10.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dcamso10.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16becda0-1937-5f01-b26f-f4416a3f08f8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://dcamso10.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dcamso10.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--277dbe1b-9c46-59a3-8e51-de9b0bb73447","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"dhonexc.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dhonexc.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36a103d4-8534-5319-8d9d-5606d2572440","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://dhonexc.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dhonexc.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6bdf967-dc4a-56e9-b811-4ba074d97a79","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"dsolanosi.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsolanosi.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3f81a8e-045b-5a16-b311-1bc4ea8518d6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://dsolanosi.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dsolanosi.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d50a289-4d5b-5ced-930c-acf34094b13a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"412949853a02b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '412949853a02b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d16d8b2-bb1f-5b9e-ae1c-a20da0c3d7e4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://412949853a02b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://412949853a02b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--029f859e-7d43-552a-991a-49b2f59616c9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"us2loadinfo.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'us2loadinfo.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef9245f0-6fad-5629-b7ce-7fd3aab6dde0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://us2loadinfo.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://us2loadinfo.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--adb9ca41-245f-5f41-a3e8-71e9a2b6ca0e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"eclodfast20.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eclodfast20.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34921434-dbc7-5702-b1f4-6d0c6a73480a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://eclodfast20.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eclodfast20.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d43bb758-e5f3-5e61-97af-34e70a5e4b2c","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"e10a9e5.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e10a9e5.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6380e322-6015-51b8-b925-8d49bce7111e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://e10a9e5.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://e10a9e5.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ac6f382-a161-52a3-acea-42672b9f8c2a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"t18delivery.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't18delivery.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46568a5d-06b2-505e-b55d-b0288e755535","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://t18delivery.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t18delivery.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3193511-8a75-5f74-b211-0a833fb88766","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"comdeliv72.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'comdeliv72.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c42f96af-baac-5f31-94d0-5f49fed8683f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://comdeliv72.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://comdeliv72.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db6447cf-290e-5ec0-b827-cb94838f805b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"deon0capload.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'deon0capload.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c2e72a2-10eb-576e-90b4-aca3d5c4efad","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://deon0capload.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://deon0capload.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ff17032-979d-5dba-9e6d-5742c5c40103","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"trackinfo0.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trackinfo0.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c74e7d64-da2a-5643-b81d-af302e8e5329","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://trackinfo0.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trackinfo0.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d63b988b-7841-5d14-8fef-715eeac247f7","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"sudeliveryn.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sudeliveryn.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cb34bd0-4111-520c-9b3e-e83077782e32","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://sudeliveryn.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sudeliveryn.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6521ff2-172d-5054-9474-b432ef62f532","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"eclodfast20.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eclodfast20.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7e74d26e-99d4-5ff3-ade6-d9d52aad92b9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://eclodfast20.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://eclodfast20.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4eb68a08-b294-50ff-973c-6a88e02e8c34","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"ecxfastpostx.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ecxfastpostx.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--396bedb4-dcd9-5d93-908d-bba30b81d7bd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://ecxfastpostx.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ecxfastpostx.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--543db785-2100-570f-8133-65bee188a182","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"comdeliv72.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'comdeliv72.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--696d0f45-83ec-5396-b5d0-0a02ec06f20e","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://comdeliv72.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://comdeliv72.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27f36899-0c4d-5e2f-88c6-7c25b5e94bd1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"trackinfo0.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trackinfo0.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ce716f4-c3f7-53ac-bfee-677dacd0edce","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://trackinfo0.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trackinfo0.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a79e8c4-d8ff-56ee-98e4-b06588678057","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"us2loadinfo.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'us2loadinfo.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--33ae6c5f-c2ee-51bf-88bf-3cceded402f6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://us2loadinfo.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://us2loadinfo.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0382fe2c-f5e3-52fe-b914-4a94adb0ea41","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"sudeliveryn.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sudeliveryn.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61c9a3b8-f504-5260-be5e-75450f2f7c75","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://sudeliveryn.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://sudeliveryn.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31067cc1-e446-5dd1-af8b-e15a656a8668","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"micload4.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'micload4.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a649d961-1ea4-54dd-870f-23366abf60d6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://micload4.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://micload4.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--796c42a4-198b-5249-8dcf-513da561cc74","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"t5delivery.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 't5delivery.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f6e6795-7f3e-5d07-982d-e3b274732dcd","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://t5delivery.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://t5delivery.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f596416-d2cc-5441-bf48-a5fd6faca664","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"ecxloadon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ecxloadon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47ebd830-e3fa-5ac1-b4e0-cbd7002468f5","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://ecxloadon.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ecxloadon.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d0fef8b-78d0-5535-a327-8ea11aba3a3a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"deon0capload.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'deon0capload.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f6c86643-5bf3-5872-ae3a-4b0383731c8a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://deon0capload.entrydns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://deon0capload.entrydns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23743534-f611-5708-80d9-c2bc727dd99a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"gate.dnsrd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'gate.dnsrd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--734b7f11-0504-549c-a7ed-d746b8f9b548","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://gate.dnsrd.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://gate.dnsrd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9973779a-cd6b-59f0-bc5a-a6680065bdc6","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"camcdeliver.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'camcdeliver.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d6fc3ce-9f8e-5061-aaa7-1ac75a68683c","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://camcdeliver.libfoobar.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://camcdeliver.libfoobar.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66a798da-87a8-5d9f-b49d-9aaf5cc896b8","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"a51a.otzo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'a51a.otzo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9162c00-cecb-57b2-9208-e6659d9f832b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://a51a.otzo.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://a51a.otzo.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59c39227-6333-5b8c-ba3e-03526e8eddc2","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"42019239a0s0be.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '42019239a0s0be.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56437815-172c-56d4-96df-6774dcb26784","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://42019239a0s0be.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://42019239a0s0be.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--105ece05-818d-5627-be05-837832bd4cae","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"4c0a910fba9s1235.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '4c0a910fba9s1235.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37a3e308-2da5-5e75-a1b3-55b7b0285140","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://4c0a910fba9s1235.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://4c0a910fba9s1235.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98c5bfdb-2420-5438-b75e-f032ab5db092","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"419298as9bo2.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '419298as9bo2.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f501abed-5d33-5479-a5ec-acfbd0a94740","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://419298as9bo2.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://419298as9bo2.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31958301-82cc-5b16-9cbb-c1f18e562d1d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"491va9924abef1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '491va9924abef1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e255be7e-7cf1-511e-a728-ddd95e24d06d","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://491va9924abef1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://491va9924abef1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68b15520-bc3d-5d23-b619-42d77b769b59","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"48716ba0dea01.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '48716ba0dea01.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1369ca46-1599-5c95-8557-79594dec0a81","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://48716ba0dea01.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://48716ba0dea01.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86e06d48-f310-5f67-a4eb-f0660712d935","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"48d9a9120bae.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '48d9a9120bae.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5a68839-9cbe-5628-97ae-9165018043b4","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://48d9a9120bae.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://48d9a9120bae.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f8cc567-ad8b-57b6-86f3-a33823eb78b0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"441929450c2er.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '441929450c2er.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c427a81-65ae-5714-9c28-904c6905ebfa","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://441929450c2er.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://441929450c2er.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--371a099d-c1e0-5ed7-a6b6-4872a8d2dfb9","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"4d0q91239eqb5.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '4d0q91239eqb5.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--493d2ae4-3dfb-50c7-b26c-eac2089e0762","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://4d0q91239eqb5.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://4d0q91239eqb5.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cc041ec-8e41-5b8b-a4fc-1a8e02e488e7","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"489817asd9bo.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '489817asd9bo.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f830139a-a624-54ee-9b03-eacbfca412e1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://489817asd9bo.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://489817asd9bo.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71cf091b-68ca-55f6-80f3-437b08c85dad","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"di812fvz.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'di812fvz.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--088a7337-73bf-5912-85cf-95a2fb617b1a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://di812fvz.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://di812fvz.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed1680f7-dc86-5571-8a22-4bc8da1bd62a","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"p291z0sin04a9.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'p291z0sin04a9.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86189d49-03b4-5972-aa06-b3f83bde50d1","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://p291z0sin04a9.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://p291z0sin04a9.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44d73e7d-11be-5801-ad0f-c5de769fe61b","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"as912jci1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'as912jci1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4fbed31c-0a23-58a3-a246-3ced2e030582","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://as912jci1.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://as912jci1.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e72a9ad-6f8a-5111-9a1e-955485f4b5ba","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"1928fjcia025.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '1928fjcia025.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--757e2398-019f-511f-add0-ec6a0eca9e10","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://1928fjcia025.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://1928fjcia025.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c6080d1-d04a-5049-80b0-f33689a9f715","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"c0ea0s217.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'c0ea0s217.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5d4cc38-a01f-5d9b-be2f-2906ad0ff294","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://c0ea0s217.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://c0ea0s217.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84899a41-f2d2-5638-b183-f7091c89a009","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"00a7c185.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '00a7c185.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9b20961-d731-5b00-a945-f9e61ff9e1d0","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://00a7c185.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://00a7c185.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1acca91a-36ca-5204-92f2-43a6ef022373","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"96ad0e.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '96ad0e.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bff8d1a2-c2cf-5da2-9012-22173d0b1401","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://96ad0e.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://96ad0e.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10da5646-6f2e-555c-b8b7-40d4a86fcf28","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"102c928da265b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '102c928da265b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c1c4732-fc8b-5d21-a2cd-12c5180746ff","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://102c928da265b.duckdns.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://102c928da265b.duckdns.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8432931d-8b16-5893-8a2a-e20fd893e55f","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"http://152.32.139.126","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://152.32.139.126']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62187b98-f0da-5407-8a7f-9cf5565456fe","created":"2026-05-11T18:42:00.000Z","modified":"2026-05-11T18:42:00.000Z","valid_from":"2026-05-11T18:42:00.000Z","name":"152.32.139.126","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '152.32.139.126']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2053908641653100604"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fe2d1be-2f79-5c12-b89f-b65307f24b65","created":"2026-05-11T19:48:00.000Z","modified":"2026-05-11T19:48:00.000Z","valid_from":"2026-05-11T19:48:00.000Z","name":"http://5.252.155.27","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://5.252.155.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053925235510976551"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--45a24dcf-600e-5032-8da7-74f52e889f63","created":"2026-05-11T19:48:00.000Z","modified":"2026-05-11T19:48:00.000Z","valid_from":"2026-05-11T19:48:00.000Z","name":"5.252.155.27","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '5.252.155.27']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053925235510976551"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--12522f1c-d8d5-51dd-bd9c-f8b9690868fc","created":"2026-05-11T19:48:00.000Z","modified":"2026-05-11T19:48:00.000Z","valid_from":"2026-05-11T19:48:00.000Z","name":"65de4ef064eba4afe141fd4226cd7cd96a1eaf9a6f2e47d3d9ed2aa4e257396e","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '65de4ef064eba4afe141fd4226cd7cd96a1eaf9a6f2e47d3d9ed2aa4e257396e']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053925235510976551"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--93b08c5e-605e-5fdd-a2c8-4eda82c63f12","created":"2026-05-11T19:53:00.000Z","modified":"2026-05-11T19:53:00.000Z","valid_from":"2026-05-11T19:53:00.000Z","name":"l1.topayapp.org:65512","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'l1.topayapp.org:65512']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053926493512671502"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4072ae1-a467-5deb-9eb4-0e948231c407","created":"2026-05-11T19:53:00.000Z","modified":"2026-05-11T19:53:00.000Z","valid_from":"2026-05-11T19:53:00.000Z","name":"http://l1.topayapp.org:65512","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://l1.topayapp.org:65512']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053926493512671502"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bcca5ba-05e3-5464-9abe-3269ef96b6cd","created":"2026-05-11T19:53:00.000Z","modified":"2026-05-11T19:53:00.000Z","valid_from":"2026-05-11T19:53:00.000Z","name":"ws.z2s.us:2095","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ws.z2s.us:2095']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053926493512671502"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--df3b509a-d593-5619-8712-6a49bbba74a4","created":"2026-05-11T19:53:00.000Z","modified":"2026-05-11T19:53:00.000Z","valid_from":"2026-05-11T19:53:00.000Z","name":"http://ws.z2s.us:2095/code","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ws.z2s.us:2095/code']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053926493512671502"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c98aa18e-7fdf-565f-b367-cdeee987801a","created":"2026-05-11T19:53:00.000Z","modified":"2026-05-11T19:53:00.000Z","valid_from":"2026-05-11T19:53:00.000Z","name":"30df480a1b77469d441a904bae2c7913ad89f82773437ed8a5166c2425ce7b30","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '30df480a1b77469d441a904bae2c7913ad89f82773437ed8a5166c2425ce7b30']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053926493512671502"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7427265b-febd-528f-b01a-ddc162255048","created":"2026-05-11T20:00:00.000Z","modified":"2026-05-11T20:00:00.000Z","valid_from":"2026-05-11T20:00:00.000Z","name":"exodus-ten-five-sigma-dfasf-98457-343564-goa.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'exodus-ten-five-sigma-dfasf-98457-343564-goa.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053928163021914584"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fded5383-1c16-5986-bcc3-cc1d1bf1f86d","created":"2026-05-11T20:00:00.000Z","modified":"2026-05-11T20:00:00.000Z","valid_from":"2026-05-11T20:00:00.000Z","name":"https://exodus-ten-five-sigma-dfasf-98457-343564-goa.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://exodus-ten-five-sigma-dfasf-98457-343564-goa.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053928163021914584"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1520cb7a-781d-5554-9b48-f67e56e2c6ef","created":"2026-05-11T20:14:00.000Z","modified":"2026-05-11T20:14:00.000Z","valid_from":"2026-05-11T20:14:00.000Z","name":"forecast-exact-defined-determined.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'forecast-exact-defined-determined.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053931661214061040"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c6711af-d42d-57b8-83b0-e99d505833ae","created":"2026-05-11T20:14:00.000Z","modified":"2026-05-11T20:14:00.000Z","valid_from":"2026-05-11T20:14:00.000Z","name":"http://forecast-exact-defined-determined.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://forecast-exact-defined-determined.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053931661214061040"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--417097e3-0408-5394-866f-dbd100168e54","created":"2026-05-11T20:14:00.000Z","modified":"2026-05-11T20:14:00.000Z","valid_from":"2026-05-11T20:14:00.000Z","name":"7ccee0bc59cc09e48a3cd99f2cbcd0f478f6503d478042afc660902c1237020a","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7ccee0bc59cc09e48a3cd99f2cbcd0f478f6503d478042afc660902c1237020a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053931661214061040"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--28c9b8bb-d395-51ce-84a0-ff4b6a256950","created":"2026-05-11T20:34:00.000Z","modified":"2026-05-11T20:34:00.000Z","valid_from":"2026-05-11T20:34:00.000Z","name":"http://130.78.217.194:8888","description":"IOC reported by @malwrhunterteam on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://130.78.217.194:8888']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/malwrhunterteam/status/2053936774099956147"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e883281-a4f8-599b-ba21-1a17230b0a80","created":"2026-05-11T20:40:00.000Z","modified":"2026-05-11T20:40:00.000Z","valid_from":"2026-05-11T20:40:00.000Z","name":"a4e560c61861c4c3d6d614217d93f38fadea8ee6b127ccd85618ff4312582600","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a4e560c61861c4c3d6d614217d93f38fadea8ee6b127ccd85618ff4312582600']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053938334456504462"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4955f368-a47b-57f2-bf9e-18efb73d92b9","created":"2026-05-11T20:45:00.000Z","modified":"2026-05-11T20:45:00.000Z","valid_from":"2026-05-11T20:45:00.000Z","name":"db7680c1636d67085bbd7ea3a15017b4f53bfdd17b0b134c4b3f43ff7f925a6c","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'db7680c1636d67085bbd7ea3a15017b4f53bfdd17b0b134c4b3f43ff7f925a6c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2053939515195023656"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a34b8681-4550-5adc-8ff7-fb881ed22606","created":"2026-05-11T22:00:00.000Z","modified":"2026-05-11T22:00:00.000Z","valid_from":"2026-05-11T22:00:00.000Z","name":"3242329-gwdg.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '3242329-gwdg.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053958372089643141"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a0784cc-d277-5137-b953-63afb4cc90b1","created":"2026-05-11T22:00:00.000Z","modified":"2026-05-11T22:00:00.000Z","valid_from":"2026-05-11T22:00:00.000Z","name":"https://3242329-gwdg.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://3242329-gwdg.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053958372089643141"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bea10e3-05e7-5762-bdfb-d2c37d12ab88","created":"2026-05-11T22:34:00.000Z","modified":"2026-05-11T22:34:00.000Z","valid_from":"2026-05-11T22:34:00.000Z","name":"bk.muflg.top","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bk.muflg.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053966988641497355"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a020271a-d348-5ec9-a582-911ce7d7ccbc","created":"2026-05-11T22:34:00.000Z","modified":"2026-05-11T22:34:00.000Z","valid_from":"2026-05-11T22:34:00.000Z","name":"8.216.44.55","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.216.44.55']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2053966988641497355"}],"labels":["scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ceb8b863-29dd-5c49-a6a3-37163abe8f49","created":"2026-05-12T00:00:00.000Z","modified":"2026-05-12T00:00:00.000Z","valid_from":"2026-05-12T00:00:00.000Z","name":"wccupdate.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wccupdate.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053988688929898680"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--607cc1ff-af21-5a36-bf03-2c6f0e67a65f","created":"2026-05-12T00:00:00.000Z","modified":"2026-05-12T00:00:00.000Z","valid_from":"2026-05-12T00:00:00.000Z","name":"https://wccupdate.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wccupdate.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2053988688929898680"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14e6a87a-a0c4-5b85-90f4-d28e5fdfad66","created":"2026-05-12T01:44:00.000Z","modified":"2026-05-12T01:44:00.000Z","valid_from":"2026-05-12T01:44:00.000Z","name":"bovurozef.z32.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bovurozef.z32.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054014907600052720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--02f92006-9546-51d1-bd71-d449f462fd85","created":"2026-05-12T01:44:00.000Z","modified":"2026-05-12T01:44:00.000Z","valid_from":"2026-05-12T01:44:00.000Z","name":"https://bovurozef.z32.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bovurozef.z32.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054014907600052720"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4392f258-a255-5a02-a14d-b41d04f1ce4c","created":"2026-05-12T02:00:00.000Z","modified":"2026-05-12T02:00:00.000Z","valid_from":"2026-05-12T02:00:00.000Z","name":"kocaelii.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kocaelii.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054018759610823045"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cc72eac-3cd6-5a3e-a84c-433029384b57","created":"2026-05-12T02:00:00.000Z","modified":"2026-05-12T02:00:00.000Z","valid_from":"2026-05-12T02:00:00.000Z","name":"https://kocaelii.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://kocaelii.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054018759610823045"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac6a435c-d858-5160-820b-5f8ce3130c62","created":"2026-05-12T02:43:00.000Z","modified":"2026-05-12T02:43:00.000Z","valid_from":"2026-05-12T02:43:00.000Z","name":"pozeny.shop","description":"IOC reported by @G60930953 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pozeny.shop']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/G60930953/status/2054029601408479514"}],"labels":["DPRK"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9edce41e-67e8-519e-a43b-064544132990","created":"2026-05-12T02:43:00.000Z","modified":"2026-05-12T02:43:00.000Z","valid_from":"2026-05-12T02:43:00.000Z","name":"http://pozeny.shop/mart/res/bb.php","description":"IOC reported by @G60930953 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pozeny.shop/mart/res/bb.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/G60930953/status/2054029601408479514"}],"labels":["DPRK"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2285714f-834a-5bda-bcb9-e2f39e4b1a26","created":"2026-05-12T02:43:00.000Z","modified":"2026-05-12T02:43:00.000Z","valid_from":"2026-05-12T02:43:00.000Z","name":"731d96ba17bd5714bba1f4f1dbfa0d1487fe2f54ff20bfdc64d4502538c3d587","description":"IOC reported by @G60930953 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '731d96ba17bd5714bba1f4f1dbfa0d1487fe2f54ff20bfdc64d4502538c3d587']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/G60930953/status/2054029601408479514"}],"labels":["DPRK"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70a7f92e-7ae0-5111-9113-7014820d5bdb","created":"2026-05-12T02:43:00.000Z","modified":"2026-05-12T02:43:00.000Z","valid_from":"2026-05-12T02:43:00.000Z","name":"0ce1d8a47fc78ac53c0b62bed96b20fa721e3e39115a6248d55100eb01eafff1","description":"IOC reported by @G60930953 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '0ce1d8a47fc78ac53c0b62bed96b20fa721e3e39115a6248d55100eb01eafff1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/G60930953/status/2054029601408479514"}],"labels":["DPRK"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16ac6e0e-2944-52be-9a70-7e24d59e0339","created":"2026-05-12T03:30:00.000Z","modified":"2026-05-12T03:30:00.000Z","valid_from":"2026-05-12T03:30:00.000Z","name":"https://83.142.209.194/transformers.pyz","description":"IOC reported by @MsftSecIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://83.142.209.194/transformers.pyz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/MsftSecIntel/status/2054041471280423424"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd6e903e-ec3d-58f9-9b70-51fd792eae44","created":"2026-05-12T03:30:00.000Z","modified":"2026-05-12T03:30:00.000Z","valid_from":"2026-05-12T03:30:00.000Z","name":"http://83.142.209.194","description":"IOC reported by @MsftSecIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://83.142.209.194']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/MsftSecIntel/status/2054041471280423424"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--70e399df-2b50-5a98-aee7-afafedf2ad67","created":"2026-05-12T03:30:00.000Z","modified":"2026-05-12T03:30:00.000Z","valid_from":"2026-05-12T03:30:00.000Z","name":"pgmonitor.py","description":"IOC reported by @MsftSecIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pgmonitor.py']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/MsftSecIntel/status/2054041471280423424"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3240659-975f-5100-a917-3b921a9b833b","created":"2026-05-12T03:30:00.000Z","modified":"2026-05-12T03:30:00.000Z","valid_from":"2026-05-12T03:30:00.000Z","name":"http://pgmonitor.py","description":"IOC reported by @MsftSecIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pgmonitor.py']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/MsftSecIntel/status/2054041471280423424"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd5816a0-8e9f-5bc7-a346-a6d0594a9777","created":"2026-05-12T03:30:00.000Z","modified":"2026-05-12T03:30:00.000Z","valid_from":"2026-05-12T03:30:00.000Z","name":"83.142.209.194","description":"IOC reported by @MsftSecIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '83.142.209.194']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/MsftSecIntel/status/2054041471280423424"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e55cd4ee-c032-5b90-8731-13213ddf9958","created":"2026-05-12T03:36:00.000Z","modified":"2026-05-12T03:36:00.000Z","valid_from":"2026-05-12T03:36:00.000Z","name":"maryinternaldoc9c909448f0c5048b466d4030f0989544.gracesabagricbusiness.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'maryinternaldoc9c909448f0c5048b466d4030f0989544.gracesabagricbusiness.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2054042981045522604"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1d5578a-d84a-5c58-940d-790cc655c850","created":"2026-05-12T03:36:00.000Z","modified":"2026-05-12T03:36:00.000Z","valid_from":"2026-05-12T03:36:00.000Z","name":"https://maryinternaldoc9c909448f0c5048b466d4030f0989544.gracesabagricbusiness.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://maryinternaldoc9c909448f0c5048b466d4030f0989544.gracesabagricbusiness.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2054042981045522604"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb50fac3-b481-5703-b91e-698c224c43d9","created":"2026-05-12T03:36:00.000Z","modified":"2026-05-12T03:36:00.000Z","valid_from":"2026-05-12T03:36:00.000Z","name":"18a3dd7ab5a6cc31bf15d048e519d05b0a569ee5d4595ac6d6abdfdc4d456e94","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '18a3dd7ab5a6cc31bf15d048e519d05b0a569ee5d4595ac6d6abdfdc4d456e94']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2054042981045522604"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31d35a63-a104-5743-8d43-22ceeffe7baf","created":"2026-05-12T03:42:00.000Z","modified":"2026-05-12T03:42:00.000Z","valid_from":"2026-05-12T03:42:00.000Z","name":"pamelarecordzcbb43de84659d691b441405b2a778b61.westernminingghana.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pamelarecordzcbb43de84659d691b441405b2a778b61.westernminingghana.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2054044515875614737"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d530dab0-40b6-5c2d-b1da-2bec2778e968","created":"2026-05-12T03:42:00.000Z","modified":"2026-05-12T03:42:00.000Z","valid_from":"2026-05-12T03:42:00.000Z","name":"https://pamelarecordzcbb43de84659d691b441405b2a778b61.westernminingghana.com","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pamelarecordzcbb43de84659d691b441405b2a778b61.westernminingghana.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2054044515875614737"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a32a41d-2b53-592a-bbcf-40b3b1f7af45","created":"2026-05-12T03:42:00.000Z","modified":"2026-05-12T03:42:00.000Z","valid_from":"2026-05-12T03:42:00.000Z","name":"8a9ec228c1b1cedf445b2751036b4ef50f2a5a68932996bea373d586f3b2d5cf","description":"IOC reported by @patialavii on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8a9ec228c1b1cedf445b2751036b4ef50f2a5a68932996bea373d586f3b2d5cf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/patialavii/status/2054044515875614737"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02173ec9-8887-5db0-868b-1c6164a1da7f","created":"2026-05-12T04:00:00.000Z","modified":"2026-05-12T04:00:00.000Z","valid_from":"2026-05-12T04:00:00.000Z","name":"yahoostorage.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'yahoostorage.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054048973661376717"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b351ae3f-d9e4-5196-bddf-587cbb5c002a","created":"2026-05-12T04:00:00.000Z","modified":"2026-05-12T04:00:00.000Z","valid_from":"2026-05-12T04:00:00.000Z","name":"https://yahoostorage.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://yahoostorage.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054048973661376717"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7035da5c-f6f9-506f-89d8-292de6ca828c","created":"2026-05-12T04:10:00.000Z","modified":"2026-05-12T04:10:00.000Z","valid_from":"2026-05-12T04:10:00.000Z","name":"dsrzzi.jetgq.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsrzzi.jetgq.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054051592132039100"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7695193-008b-5d2c-a0a1-5d33f68909be","created":"2026-05-12T04:10:00.000Z","modified":"2026-05-12T04:10:00.000Z","valid_from":"2026-05-12T04:10:00.000Z","name":"https://dsrzzi.jetgq.cn/jkautixtf/londut/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dsrzzi.jetgq.cn/jkautixtf/londut/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054051592132039100"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b5e91e1-b504-59fc-9a8d-41f21c788a10","created":"2026-05-12T04:10:00.000Z","modified":"2026-05-12T04:10:00.000Z","valid_from":"2026-05-12T04:10:00.000Z","name":"http://165.154.231.146","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://165.154.231.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054051592132039100"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14646d38-f535-505d-9544-5d0ec6d3ce49","created":"2026-05-12T04:10:00.000Z","modified":"2026-05-12T04:10:00.000Z","valid_from":"2026-05-12T04:10:00.000Z","name":"165.154.231.146","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.154.231.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054051592132039100"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59d1f19c-72a0-54f2-97af-aa6502ed3396","created":"2026-05-12T04:23:00.000Z","modified":"2026-05-12T04:23:00.000Z","valid_from":"2026-05-12T04:23:00.000Z","name":"ifajiabang.com","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ifajiabang.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054054788959199336"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb382900-6b26-5cab-b2a1-a328133b2c64","created":"2026-05-12T04:23:00.000Z","modified":"2026-05-12T04:23:00.000Z","valid_from":"2026-05-12T04:23:00.000Z","name":"https://ifajiabang.com/dca3ei/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ifajiabang.com/dca3ei/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054054788959199336"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--855b720a-02a6-5c69-b931-af2e2a3f6731","created":"2026-05-12T04:23:00.000Z","modified":"2026-05-12T04:23:00.000Z","valid_from":"2026-05-12T04:23:00.000Z","name":"http://43.153.186.198","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.153.186.198']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054054788959199336"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d0c7a81-d27d-5224-80b6-01550df17662","created":"2026-05-12T04:23:00.000Z","modified":"2026-05-12T04:23:00.000Z","valid_from":"2026-05-12T04:23:00.000Z","name":"43.153.186.198","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.153.186.198']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054054788959199336"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44da8abc-989e-5b37-9f57-f2cf025a62dd","created":"2026-05-12T04:34:00.000Z","modified":"2026-05-12T04:34:00.000Z","valid_from":"2026-05-12T04:34:00.000Z","name":"rqvzkqb.shbllgs.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rqvzkqb.shbllgs.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054057602485792854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90b621dc-1602-50ed-ac69-2fd26b0a16fe","created":"2026-05-12T04:34:00.000Z","modified":"2026-05-12T04:34:00.000Z","valid_from":"2026-05-12T04:34:00.000Z","name":"https://rqvzkqb.shbllgs.cn/pkkjp/aenop/potyunde/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rqvzkqb.shbllgs.cn/pkkjp/aenop/potyunde/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054057602485792854"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca95f41e-5508-54e3-b4b5-38c9e0ad8bfd","created":"2026-05-12T04:39:00.000Z","modified":"2026-05-12T04:39:00.000Z","valid_from":"2026-05-12T04:39:00.000Z","name":"kylesplumbing.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kylesplumbing.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054058738064269677"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b04b2b7b-3891-55e1-8ffe-c3860d869c1e","created":"2026-05-12T04:39:00.000Z","modified":"2026-05-12T04:39:00.000Z","valid_from":"2026-05-12T04:39:00.000Z","name":"http://kylesplumbing.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kylesplumbing.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054058738064269677"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fe77b96-cfa2-560e-8bbc-8c7afea061c4","created":"2026-05-12T05:10:00.000Z","modified":"2026-05-12T05:10:00.000Z","valid_from":"2026-05-12T05:10:00.000Z","name":"https://blackhat.com/us-26/training/schedule/#practical-genai-for-threat-intel-real-world-agentic-workflows-for-cyber-threat-intelligence-50417","description":"IOC reported by @fr0gger_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://blackhat.com/us-26/training/schedule/#practical-genai-for-threat-intel-real-world-agentic-workflows-for-cyber-threat-intelligence-50417']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fr0gger_/status/2054066540551778529"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e3c1f6d-bd4c-5c1b-8b36-7b68d10aef2e","created":"2026-05-12T05:10:00.000Z","modified":"2026-05-12T05:10:00.000Z","valid_from":"2026-05-12T05:10:00.000Z","name":"https://blackhat.com/us-26/training/schedule/#practical-genai-for-threat-intel-real-world-agentic-workflows-for-cyber-threat-intelligence-504171770249968","description":"IOC reported by @fr0gger_ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://blackhat.com/us-26/training/schedule/#practical-genai-for-threat-intel-real-world-agentic-workflows-for-cyber-threat-intelligence-504171770249968']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/fr0gger_/status/2054066540551778529"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e3a5ff1-fdee-526b-a136-46df78ca9b78","created":"2026-05-12T06:00:00.000Z","modified":"2026-05-12T06:00:00.000Z","valid_from":"2026-05-12T06:00:00.000Z","name":"mail-organized-update.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mail-organized-update.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054079185123999945"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b305ed0-85cf-5f13-a286-01dfeb81edfc","created":"2026-05-12T06:00:00.000Z","modified":"2026-05-12T06:00:00.000Z","valid_from":"2026-05-12T06:00:00.000Z","name":"https://mail-organized-update.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mail-organized-update.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054079185123999945"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29cbb620-560d-5e3d-bb56-b32135e9a260","created":"2026-05-12T06:07:00.000Z","modified":"2026-05-12T06:07:00.000Z","valid_from":"2026-05-12T06:07:00.000Z","name":"seur-cdefg.vip","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'seur-cdefg.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054081103435084151"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d1e2391-2ffe-5c50-bedc-830475e19789","created":"2026-05-12T06:07:00.000Z","modified":"2026-05-12T06:07:00.000Z","valid_from":"2026-05-12T06:07:00.000Z","name":"http://seur-cdefg.vip","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://seur-cdefg.vip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054081103435084151"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2dd04e70-7d1f-59f5-bed1-7d9ce5693a69","created":"2026-05-12T06:21:00.000Z","modified":"2026-05-12T06:21:00.000Z","valid_from":"2026-05-12T06:21:00.000Z","name":"45.227.254.10","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.227.254.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054084551589106071"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19443961-6eef-5fad-853b-46386e428584","created":"2026-05-12T06:21:00.000Z","modified":"2026-05-12T06:21:00.000Z","valid_from":"2026-05-12T06:21:00.000Z","name":"483d16bbbb25c1d0e2c05000ef8a72c3","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '483d16bbbb25c1d0e2c05000ef8a72c3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054084551589106071"}],"labels":["NetSupport","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bde668c-f476-5829-b924-acbba505a667","created":"2026-05-12T06:59:00.000Z","modified":"2026-05-12T06:59:00.000Z","valid_from":"2026-05-12T06:59:00.000Z","name":"147.45.45.238","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '147.45.45.238']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054093972004311110"}],"labels":["ClickFix","NetSupport","booking"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7110661c-3de4-524e-a96a-305d3b2cacb1","created":"2026-05-12T06:59:00.000Z","modified":"2026-05-12T06:59:00.000Z","valid_from":"2026-05-12T06:59:00.000Z","name":"95.85.246.53","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '95.85.246.53']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054093972004311110"}],"labels":["ClickFix","NetSupport","booking"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3064f28-246e-5784-8e6c-09f1a064f23d","created":"2026-05-12T07:34:00.000Z","modified":"2026-05-12T07:34:00.000Z","valid_from":"2026-05-12T07:34:00.000Z","name":"apartuk.info","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'apartuk.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054102910099759562"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f72f201-3d8b-5b2d-ad3a-6b2f45ecf620","created":"2026-05-12T07:34:00.000Z","modified":"2026-05-12T07:34:00.000Z","valid_from":"2026-05-12T07:34:00.000Z","name":"http://www.apartuk.info/hpum/index.php?account=w4naf290","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://www.apartuk.info/hpum/index.php?account=w4naf290']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054102910099759562"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--46ea6e2a-9dd7-5328-a1c6-d78290d4a05a","created":"2026-05-12T07:41:00.000Z","modified":"2026-05-12T07:41:00.000Z","valid_from":"2026-05-12T07:41:00.000Z","name":"fazexmd.com","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'fazexmd.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2054104731090293040"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b2ae262-aad0-5fec-9bea-6253ad83ca6c","created":"2026-05-12T07:41:00.000Z","modified":"2026-05-12T07:41:00.000Z","valid_from":"2026-05-12T07:41:00.000Z","name":"https://fazexmd.com/wordpress/fark/","description":"IOC reported by @ShadowOpCode on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://fazexmd.com/wordpress/fark/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/ShadowOpCode/status/2054104731090293040"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--086521e2-2909-565b-8241-ba6ecb7d2c0f","created":"2026-05-12T08:00:00.000Z","modified":"2026-05-12T08:00:00.000Z","valid_from":"2026-05-12T08:00:00.000Z","name":"eharmonyesec.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'eharmonyesec.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054109372112892340"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d608b0a8-c1ba-5418-a2cb-6c2b9a90f197","created":"2026-05-12T08:00:00.000Z","modified":"2026-05-12T08:00:00.000Z","valid_from":"2026-05-12T08:00:00.000Z","name":"https://eharmonyesec.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://eharmonyesec.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054109372112892340"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6fee105-b3d9-5d2a-9934-869c1d1ea67c","created":"2026-05-12T08:14:00.000Z","modified":"2026-05-12T08:14:00.000Z","valid_from":"2026-05-12T08:14:00.000Z","name":"e-stat.online-k1.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.online-k1.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054113088534880473"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--03330e5d-5cda-551f-9bf1-316ce3186522","created":"2026-05-12T08:14:00.000Z","modified":"2026-05-12T08:14:00.000Z","valid_from":"2026-05-12T08:14:00.000Z","name":"https://e-stat.online-k1.com/home","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.online-k1.com/home']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054113088534880473"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3c1f145-e03c-509c-9a6d-9f0117f4a20d","created":"2026-05-12T08:25:00.000Z","modified":"2026-05-12T08:25:00.000Z","valid_from":"2026-05-12T08:25:00.000Z","name":"873e628f5d558feb47af978f1c076903","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '873e628f5d558feb47af978f1c076903']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054115743097311540"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--56a9ad03-f00f-55ab-b546-fe6f72411f33","created":"2026-05-12T08:25:00.000Z","modified":"2026-05-12T08:25:00.000Z","valid_from":"2026-05-12T08:25:00.000Z","name":"58e5e9a7ef509920b05253aa806422fa","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '58e5e9a7ef509920b05253aa806422fa']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054115743097311540"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--00147480-81d5-513e-afec-4fd7a04cfcc7","created":"2026-05-12T08:25:00.000Z","modified":"2026-05-12T08:25:00.000Z","valid_from":"2026-05-12T08:25:00.000Z","name":"bdb677e209c25ee4839bfa3011bf4d96","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'bdb677e209c25ee4839bfa3011bf4d96']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054115743097311540"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bb704689-d4ee-53e4-9b9f-8cecd655d267","created":"2026-05-12T08:25:00.000Z","modified":"2026-05-12T08:25:00.000Z","valid_from":"2026-05-12T08:25:00.000Z","name":"73f859fe238fdd687736ed2039e1d61d","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '73f859fe238fdd687736ed2039e1d61d']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054115743097311540"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a1f3e15-9065-5674-8270-45db48e3896b","created":"2026-05-12T08:25:00.000Z","modified":"2026-05-12T08:25:00.000Z","valid_from":"2026-05-12T08:25:00.000Z","name":"9ca07ab3525782b35ec7b4a9c931fe88","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '9ca07ab3525782b35ec7b4a9c931fe88']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054115743097311540"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--653be9c6-a4c5-5b4d-afb1-37d607d2feb6","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"https://telegra.ph/tr02-05-02","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://telegra.ph/tr02-05-02']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--15dba67d-3342-5928-85e4-c3e49a7b9d9f","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"https://telegra.ph/ki06-05-02","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://telegra.ph/ki06-05-02']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a292478-f187-5e8f-a1ba-94bc92984e49","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"rentry.co","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rentry.co']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8b83f97-45d5-5ef1-804c-2313d0204248","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"https://rentry.co/zzk7opdu","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rentry.co/zzk7opdu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a68c1eb-3a0b-5e4c-8a67-f296b3438419","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"rentry.org","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rentry.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8285cb69-8a49-5c16-bf53-5290c2e9edbd","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"https://rentry.org/wayc2qqz","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rentry.org/wayc2qqz']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42a3b89f-bacb-5a14-8600-b3f7b5542c0f","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"codeberg.org","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'codeberg.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--430ae76f-f9c8-5770-b78c-c7544dee435f","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"https://codeberg.org/etienne74/guix/raw/branch/master/.gitignore","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://codeberg.org/etienne74/guix/raw/branch/master/.gitignore']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6e7d768-e9fd-5854-9910-e95697c2c1f8","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"2wxjoz6lkdxkniksujbdknkugweemx7uvxdr4ejgyipce4tnvktvbvqd.onion","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '2wxjoz6lkdxkniksujbdknkugweemx7uvxdr4ejgyipce4tnvktvbvqd.onion']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c79a7bcc-57e1-56a7-85c4-0dfc7892b948","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"http://2wxjoz6lkdxkniksujbdknkugweemx7uvxdr4ejgyipce4tnvktvbvqd.onion/t","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://2wxjoz6lkdxkniksujbdknkugweemx7uvxdr4ejgyipce4tnvktvbvqd.onion/t']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1306a374-9eca-55e4-84f0-88e20752e6f8","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"parkspringshotel.com","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'parkspringshotel.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be52888c-bc83-5877-b7a7-5e7c1fbc031e","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"http://parkspringshotel.com/m/Lu6aeloo.php","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://parkspringshotel.com/m/Lu6aeloo.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29c12a15-30a2-5de8-9fa7-6a28eac51b29","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"auraguest.lk","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'auraguest.lk']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ee1e5ea-f578-5241-8ce3-6ae6f155422d","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"http://auraguest.lk/m/douV2quu.php","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://auraguest.lk/m/douV2quu.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e50d2283-00fd-5a8b-b3b3-f68957b0325f","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"172.96.172.91","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '172.96.172.91']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce053f90-e1b8-5fe3-8ab7-de94e3794c3a","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"209.133.215.178","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '209.133.215.178']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2a426da-cbac-58a0-bcd4-9e5953c5592d","created":"2026-05-12T08:42:00.000Z","modified":"2026-05-12T08:42:00.000Z","valid_from":"2026-05-12T08:42:00.000Z","name":"c81d723205a25d4cb8bab7b31889623edf5f7e94d63df0d224225b566864cec2","description":"IOC reported by @thomasklemenc on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c81d723205a25d4cb8bab7b31889623edf5f7e94d63df0d224225b566864cec2']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/thomasklemenc/status/2052715025450598904"}],"labels":["RAT","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1913680b-582a-5b55-bf08-002cb37418bb","created":"2026-05-12T09:13:00.000Z","modified":"2026-05-12T09:13:00.000Z","valid_from":"2026-05-12T09:13:00.000Z","name":"45387425929d60b59f8d06c1c07f3e399eac8c5289f234bb5a26912509266fd0","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '45387425929d60b59f8d06c1c07f3e399eac8c5289f234bb5a26912509266fd0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2054127872173019157"}],"labels":["APT","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1e84bd1-fb18-591a-8652-be0ff58582b7","created":"2026-05-12T09:17:00.000Z","modified":"2026-05-12T09:17:00.000Z","valid_from":"2026-05-12T09:17:00.000Z","name":"zinixpro.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zinixpro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054128749310841345"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad9b3e20-ceba-5776-b2a1-e1d66bb1aa95","created":"2026-05-12T09:17:00.000Z","modified":"2026-05-12T09:17:00.000Z","valid_from":"2026-05-12T09:17:00.000Z","name":"http://zinixpro.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://zinixpro.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054128749310841345"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--60f88661-90cc-500b-8fc4-1aa20bff95f1","created":"2026-05-12T09:17:00.000Z","modified":"2026-05-12T09:17:00.000Z","valid_from":"2026-05-12T09:17:00.000Z","name":"604b9636828b9fa4e65b3378a8af65c1035ba9905a72a64b760a9541694aae1c","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '604b9636828b9fa4e65b3378a8af65c1035ba9905a72a64b760a9541694aae1c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054128749310841345"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--96088178-a205-5756-8f65-265ab1592f35","created":"2026-05-12T09:20:00.000Z","modified":"2026-05-12T09:20:00.000Z","valid_from":"2026-05-12T09:20:00.000Z","name":"kollins.co.za","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kollins.co.za']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054129672888127979"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--db6e3c1f-688c-5c78-9689-af8c62820350","created":"2026-05-12T09:20:00.000Z","modified":"2026-05-12T09:20:00.000Z","valid_from":"2026-05-12T09:20:00.000Z","name":"http://kollins.co.za/bn.js","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kollins.co.za/bn.js']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054129672888127979"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fb3d793f-2359-5cc4-a672-526bcb3a12db","created":"2026-05-12T09:20:00.000Z","modified":"2026-05-12T09:20:00.000Z","valid_from":"2026-05-12T09:20:00.000Z","name":"http://kollins.co.za/test.pdf","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kollins.co.za/test.pdf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054129672888127979"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3000433-64f7-57db-bb31-bbcd347c2b3a","created":"2026-05-12T09:20:00.000Z","modified":"2026-05-12T09:20:00.000Z","valid_from":"2026-05-12T09:20:00.000Z","name":"5eb9c0577c817e6053ed0658b20e97e0f60077df817f68462ed1f3b243bc0572","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '5eb9c0577c817e6053ed0658b20e97e0f60077df817f68462ed1f3b243bc0572']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054129672888127979"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8a46760-dcc5-522b-89d7-6d791b1c2a65","created":"2026-05-12T09:22:00.000Z","modified":"2026-05-12T09:22:00.000Z","valid_from":"2026-05-12T09:22:00.000Z","name":"0de9cc3daa4dc11053c6b43635355c95b6f51f19f617764efb0e0f2729d01e91","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '0de9cc3daa4dc11053c6b43635355c95b6f51f19f617764efb0e0f2729d01e91']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054130180021510571"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--fae2ef7a-8ad1-5f1e-b7f4-3b3148f65409","created":"2026-05-12T09:48:00.000Z","modified":"2026-05-12T09:48:00.000Z","valid_from":"2026-05-12T09:48:00.000Z","name":"git-tanstack.com","description":"IOC reported by @SocketSecurity on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'git-tanstack.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SocketSecurity/status/2054048025081737446"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5b161b21-c487-5043-aa91-aee92e4dba6a","created":"2026-05-12T09:48:00.000Z","modified":"2026-05-12T09:48:00.000Z","valid_from":"2026-05-12T09:48:00.000Z","name":"http://git-tanstack.com/transformers","description":"IOC reported by @SocketSecurity on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://git-tanstack.com/transformers']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/SocketSecurity/status/2054048025081737446"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8e8b0b87-034f-5b1f-977d-8c5a3fd61458","created":"2026-05-12T09:52:00.000Z","modified":"2026-05-12T09:52:00.000Z","valid_from":"2026-05-12T09:52:00.000Z","name":"76c19e4e9e4d24ea1e5a7b795ac6301093f59c15bea4a72f0daa5cda312424ae","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '76c19e4e9e4d24ea1e5a7b795ac6301093f59c15bea4a72f0daa5cda312424ae']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2054137739826835823"}],"labels":["infostealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c8ea862-a0e4-5cb7-bd36-86f8cef7ff62","created":"2026-05-12T10:00:00.000Z","modified":"2026-05-12T10:00:00.000Z","valid_from":"2026-05-12T10:00:00.000Z","name":"program-shopee22.blogspot.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'program-shopee22.blogspot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054139593369309196"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14d1c490-f0e2-5880-beb7-92dc71fb1344","created":"2026-05-12T10:00:00.000Z","modified":"2026-05-12T10:00:00.000Z","valid_from":"2026-05-12T10:00:00.000Z","name":"https://program-shopee22.blogspot.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://program-shopee22.blogspot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054139593369309196"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b65a164-65b7-5e77-bf77-20b8224943ab","created":"2026-05-12T10:27:00.000Z","modified":"2026-05-12T10:27:00.000Z","valid_from":"2026-05-12T10:27:00.000Z","name":"illuminanceglobal.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'illuminanceglobal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2054146443292578269"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6707477-b12a-57f7-b679-b11618081593","created":"2026-05-12T10:27:00.000Z","modified":"2026-05-12T10:27:00.000Z","valid_from":"2026-05-12T10:27:00.000Z","name":"https://illuminanceglobal.com","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://illuminanceglobal.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2054146443292578269"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04680c81-d96e-5f7e-a5c6-80df09abdc5c","created":"2026-05-12T11:06:00.000Z","modified":"2026-05-12T11:06:00.000Z","valid_from":"2026-05-12T11:06:00.000Z","name":"njifjuhgh.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'njifjuhgh.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2054156236883714493"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b96b2b28-85d6-50de-9dc0-7249cb1fa481","created":"2026-05-12T11:06:00.000Z","modified":"2026-05-12T11:06:00.000Z","valid_from":"2026-05-12T11:06:00.000Z","name":"http://njifjuhgh.top","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://njifjuhgh.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2054156236883714493"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7503b3e9-48c0-57b3-8f85-a8799c98f7ee","created":"2026-05-12T11:06:00.000Z","modified":"2026-05-12T11:06:00.000Z","valid_from":"2026-05-12T11:06:00.000Z","name":"7263622822694fc8c2720974c31b5c12b2fdc864ce496ab4f6da57e8c361b59b","description":"IOC reported by @Malwarehunterr on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '7263622822694fc8c2720974c31b5c12b2fdc864ce496ab4f6da57e8c361b59b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Malwarehunterr/status/2054156236883714493"}],"labels":["malware","phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3696b917-78bf-56da-84c0-d41e418bd773","created":"2026-05-12T11:06:00.000Z","modified":"2026-05-12T11:06:00.000Z","valid_from":"2026-05-12T11:06:00.000Z","name":"http://157.230.222.44/payload.php","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://157.230.222.44/payload.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054156317858693553"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--82cd6737-5b44-5824-be31-4dbea33f1a15","created":"2026-05-12T11:06:00.000Z","modified":"2026-05-12T11:06:00.000Z","valid_from":"2026-05-12T11:06:00.000Z","name":"157.230.222.44","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '157.230.222.44']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054156317858693553"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--13cc8247-5a5c-58e3-ab9b-3c120329e28c","created":"2026-05-12T11:06:00.000Z","modified":"2026-05-12T11:06:00.000Z","valid_from":"2026-05-12T11:06:00.000Z","name":"904cee0e70cf6625790b9355993a02d41f88f21ab5ab376f6c08aae649c5fad0","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '904cee0e70cf6625790b9355993a02d41f88f21ab5ab376f6c08aae649c5fad0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054156317858693553"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--953fb54f-7c69-5a87-8fd6-275bdfde64fb","created":"2026-05-12T11:22:00.000Z","modified":"2026-05-12T11:22:00.000Z","valid_from":"2026-05-12T11:22:00.000Z","name":"s-0s23dlg1u8lo.s3.us-east-2.amazonaws.com","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 's-0s23dlg1u8lo.s3.us-east-2.amazonaws.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054160220021215496"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3883d82f-a0b8-58e0-9ffd-596de481cae8","created":"2026-05-12T11:22:00.000Z","modified":"2026-05-12T11:22:00.000Z","valid_from":"2026-05-12T11:22:00.000Z","name":"https://s-0s23dlg1u8lo.s3.us-east-2.amazonaws.com/Mone.msi","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://s-0s23dlg1u8lo.s3.us-east-2.amazonaws.com/Mone.msi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054160220021215496"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa5a9c44-35fb-5dd1-a513-0ad6af0f1106","created":"2026-05-12T11:22:00.000Z","modified":"2026-05-12T11:22:00.000Z","valid_from":"2026-05-12T11:22:00.000Z","name":"7ad98274c5b35f178aa65fc75c1ba675","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '7ad98274c5b35f178aa65fc75c1ba675']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054160220021215496"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc4c5e8e-2b3e-5c2a-be3f-94aab54e3dde","created":"2026-05-12T11:22:00.000Z","modified":"2026-05-12T11:22:00.000Z","valid_from":"2026-05-12T11:22:00.000Z","name":"d6c89a7d313aca48f9ac787d27447234","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'd6c89a7d313aca48f9ac787d27447234']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054160220021215496"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--140cb308-df2a-5c3e-a4d3-08796aeed1cc","created":"2026-05-12T12:00:00.000Z","modified":"2026-05-12T12:00:00.000Z","valid_from":"2026-05-12T12:00:00.000Z","name":"skymailups.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'skymailups.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054169777669566646"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--496ef5b9-5d2e-5fe9-b90e-16d7d62497fa","created":"2026-05-12T12:00:00.000Z","modified":"2026-05-12T12:00:00.000Z","valid_from":"2026-05-12T12:00:00.000Z","name":"https://skymailups.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://skymailups.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054169777669566646"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f18673d3-8632-5c5a-b821-6cecf66ba464","created":"2026-05-12T13:40:00.000Z","modified":"2026-05-12T13:40:00.000Z","valid_from":"2026-05-12T13:40:00.000Z","name":"macspaceclean.framer.ai","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'macspaceclean.framer.ai']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054195051551687069"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c178322-ebd0-5364-bfe7-e8c3f7b33c8d","created":"2026-05-12T13:40:00.000Z","modified":"2026-05-12T13:40:00.000Z","valid_from":"2026-05-12T13:40:00.000Z","name":"http://macspaceclean.framer.ai","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://macspaceclean.framer.ai']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054195051551687069"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71a7fdc1-f4e2-5794-aa0b-db2c0d3e1126","created":"2026-05-12T13:40:00.000Z","modified":"2026-05-12T13:40:00.000Z","valid_from":"2026-05-12T13:40:00.000Z","name":"landishivpole.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'landishivpole.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054195051551687069"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dd93b8ea-9cda-5771-b269-a93e46a433b6","created":"2026-05-12T13:40:00.000Z","modified":"2026-05-12T13:40:00.000Z","valid_from":"2026-05-12T13:40:00.000Z","name":"http://landishivpole.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://landishivpole.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054195051551687069"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed55121f-6af0-5cff-92cf-fe81f5674f80","created":"2026-05-12T14:18:00.000Z","modified":"2026-05-12T14:18:00.000Z","valid_from":"2026-05-12T14:18:00.000Z","name":"kw-con.cyou","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kw-con.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2054204615088837105"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fd4d76a8-ca83-5894-99f0-89008b10aa29","created":"2026-05-12T14:18:00.000Z","modified":"2026-05-12T14:18:00.000Z","valid_from":"2026-05-12T14:18:00.000Z","name":"http://kw-con.cyou","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kw-con.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2054204615088837105"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12ca8fe0-ac2b-52f0-8813-1cce5fc36a3e","created":"2026-05-12T14:18:00.000Z","modified":"2026-05-12T14:18:00.000Z","valid_from":"2026-05-12T14:18:00.000Z","name":"kw-coc.cyou","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kw-coc.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2054204615088837105"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dae99bf2-f331-5943-9de3-c10c092d8f23","created":"2026-05-12T14:18:00.000Z","modified":"2026-05-12T14:18:00.000Z","valid_from":"2026-05-12T14:18:00.000Z","name":"http://kw-coc.cyou","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kw-coc.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2054204615088837105"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c42cf84-6630-5257-bf82-54f8196e8d1d","created":"2026-05-12T14:18:00.000Z","modified":"2026-05-12T14:18:00.000Z","valid_from":"2026-05-12T14:18:00.000Z","name":"kw-com.cyou","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kw-com.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2054204615088837105"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12774546-4262-5fc7-9da4-22212c16e092","created":"2026-05-12T14:18:00.000Z","modified":"2026-05-12T14:18:00.000Z","valid_from":"2026-05-12T14:18:00.000Z","name":"http://kw-com.cyou","description":"IOC reported by @Q8CyberTi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://kw-com.cyou']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Q8CyberTi/status/2054204615088837105"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c6e0286-b49f-5163-bbb8-ded24d90f064","created":"2026-05-12T15:04:00.000Z","modified":"2026-05-12T15:04:00.000Z","valid_from":"2026-05-12T15:04:00.000Z","name":"youngest-black-lsm7dke7zn-70r72xpafy.edgeone.app","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'youngest-black-lsm7dke7zn-70r72xpafy.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054216226621276544"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40025a86-7d42-5724-ab37-bfd162becacd","created":"2026-05-12T15:04:00.000Z","modified":"2026-05-12T15:04:00.000Z","valid_from":"2026-05-12T15:04:00.000Z","name":"http://youngest-black-lsm7dke7zn-70r72xpafy.edgeone.app","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://youngest-black-lsm7dke7zn-70r72xpafy.edgeone.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054216226621276544"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e0fe137-202e-51f4-a0e4-b6cacfbb2cfd","created":"2026-05-12T15:04:00.000Z","modified":"2026-05-12T15:04:00.000Z","valid_from":"2026-05-12T15:04:00.000Z","name":"http://43.152.26.58","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://43.152.26.58']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054216226621276544"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6558c6b5-3029-5912-8387-65b65e695e00","created":"2026-05-12T15:04:00.000Z","modified":"2026-05-12T15:04:00.000Z","valid_from":"2026-05-12T15:04:00.000Z","name":"43.152.26.58","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.152.26.58']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054216226621276544"}],"labels":["C2","stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7415813e-d298-59b7-9709-11cdeefc8a91","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://157.230.222.44","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://157.230.222.44']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7916437a-0e83-5a2c-8a0f-0e90a19c2ae7","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://162.141.111.227","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://162.141.111.227']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--06cfb4fd-e83f-5f9d-8d0a-b295d00a41cd","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://177.54.150.13","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://177.54.150.13']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cb66bf8-6bb7-5cb0-9ec1-18cbe37be397","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://181.214.221.235","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://181.214.221.235']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9228348f-81aa-5dc0-ba49-478b770d3018","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://181.214.221.242","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://181.214.221.242']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--53fdcbbf-4acb-5e65-a3eb-b86f3bbcbafa","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://200.9.155.40","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://200.9.155.40']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--91f2c57c-1808-5dee-ae0e-d572d9315c4b","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://37.148.135.245","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://37.148.135.245']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba4f3b00-7971-54a4-b776-cf54d1fd3493","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://162.141.111.227:443","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://162.141.111.227:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b1d06e6-6f98-56d4-a626-2e1d72d324da","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://177.54.150.13:443","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://177.54.150.13:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6fd75c7f-fb62-547d-9fe4-d8db8add2b26","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://181.214.221.235:443","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://181.214.221.235:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--32122758-6d79-53d4-af58-1a7e815b64c0","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://181.214.221.242:443","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://181.214.221.242:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--364d272c-b315-5927-9ec4-cbfb386a9736","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://200.9.155.40:6000","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://200.9.155.40:6000']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--184625f6-a234-55de-b2c0-8935b23a07ec","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"http://200.9.155.40:8080","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://200.9.155.40:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d71e966-fbd2-55fc-8093-61e7b51b90e2","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"162.141.111.227","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '162.141.111.227']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--869e7c72-7520-53aa-a098-3eca345f0a55","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"177.54.150.13","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '177.54.150.13']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9c57ded-02da-5f33-88eb-0f08e3fd3890","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"181.214.221.235","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '181.214.221.235']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ce37a35-19e4-54a5-8ac1-83629027ff36","created":"2026-05-12T15:12:00.000Z","modified":"2026-05-12T15:12:00.000Z","valid_from":"2026-05-12T15:12:00.000Z","name":"181.214.221.242","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '181.214.221.242']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218220576407854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--27dc4c8f-9bbd-581b-92bb-9f519288aaf4","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://200.9.155.40:8081","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://200.9.155.40:8081']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--60586ff7-abea-5f54-af61-a7201b524bea","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://200.9.155.40:8888","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://200.9.155.40:8888']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e1457a6-7855-58ee-8af7-35ef13879d5b","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://37.148.135.245:443","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://37.148.135.245:443']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b46935c-4726-5669-9c62-39badaeffa4c","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"cdn-relay.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cdn-relay.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--20fe6d53-36de-513d-a931-4b013f099ab7","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://cdn-relay.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cdn-relay.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0d72c9a-7e97-5439-a6d3-a580ca85c645","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"windowlp-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'windowlp-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e861e87-b24b-5913-ad62-15a3d54a690c","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://windowlp-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://windowlp-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffc91074-3a3f-550e-949f-a9082b0c6e96","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"windowsk-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'windowsk-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c53aeca0-5744-5e7e-9f63-7b75afbdfa8f","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://windowsk-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://windowsk-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ebf93eda-c285-5820-a8d0-52fc0830e54d","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"windowsupdate-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'windowsupdate-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8ffb1d6-6f22-56b8-9a9f-c9f6fff391ec","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://windowsupdate-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://windowsupdate-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7df9c51f-5a7e-5d82-989b-207bc0e15e12","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"c.windowlp-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'c.windowlp-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed5f0600-806c-57d5-8261-7008e4be5822","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://c.windowlp-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://c.windowlp-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6862914-480b-52f0-8872-09054833ca98","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"c.windowsk-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'c.windowsk-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--44be9286-205b-53ce-ac82-becf58338d45","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://c.windowsk-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://c.windowsk-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa8c68c7-e024-5272-9c62-d41596095f73","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"uniplus.cktech.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uniplus.cktech.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--95212223-08f8-588e-964c-d732df9985e1","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://uniplus.cktech.info","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uniplus.cktech.info']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bdcc0546-38a5-5b5a-81f5-9667d44a10b6","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"wss.windowsupdate-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wss.windowsupdate-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--243a7bf3-b02a-5c78-bda2-e8cf6cec3547","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"http://wss.windowsupdate-cdn.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://wss.windowsupdate-cdn.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c0ba73e-945e-59e3-baf1-b9ee10997938","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"200.9.155.40","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '200.9.155.40']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3f01617-115c-53d2-a0ec-4ed9feb5b938","created":"2026-05-12T15:13:00.000Z","modified":"2026-05-12T15:13:00.000Z","valid_from":"2026-05-12T15:13:00.000Z","name":"37.148.135.245","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '37.148.135.245']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054218319931064736"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--79169fdc-558a-55bb-ae05-d0f9fc1e9fee","created":"2026-05-12T16:00:00.000Z","modified":"2026-05-12T16:00:00.000Z","valid_from":"2026-05-12T16:00:00.000Z","name":"luuizpaes.github.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'luuizpaes.github.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054230163106238717"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66d607e2-68cc-5afb-8bd2-10ff6956359f","created":"2026-05-12T16:00:00.000Z","modified":"2026-05-12T16:00:00.000Z","valid_from":"2026-05-12T16:00:00.000Z","name":"http://luuizpaes.github.io/netflix-page/","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://luuizpaes.github.io/netflix-page/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054230163106238717"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd3697e9-822e-5709-8339-d39c3cd891e3","created":"2026-05-12T18:00:00.000Z","modified":"2026-05-12T18:00:00.000Z","valid_from":"2026-05-12T18:00:00.000Z","name":"kucoinlogiu.gitbook.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kucoinlogiu.gitbook.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054260375277769135"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d87b783-e8da-57bc-89d4-a528b9450a2d","created":"2026-05-12T18:00:00.000Z","modified":"2026-05-12T18:00:00.000Z","valid_from":"2026-05-12T18:00:00.000Z","name":"https://kucoinlogiu.gitbook.io","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://kucoinlogiu.gitbook.io']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054260375277769135"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f59fbe8-27c1-5b56-89ac-d2f60993ebe3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"npchannel25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'npchannel25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--32b7b7f5-ec06-5527-87b1-14aaf07c142f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://npchannel25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://npchannel25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99f59195-c7ef-5698-a80e-d2d3283bd1eb","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"npload-mdoc13s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'npload-mdoc13s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11cf9a31-d74b-5102-97af-7d4ce3b5075d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://npload-mdoc13s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://npload-mdoc13s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d751c8f-9717-56e9-afdf-4ff98746cddf","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"npload-mdoc23s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'npload-mdoc23s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80219a0b-4626-5df9-b62b-d544f879182a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://npload-mdoc23s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://npload-mdoc23s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89366d60-6af4-51bb-a57f-65df8ceabb00","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"npload-mdoc39s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'npload-mdoc39s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a379124a-08c3-5672-9c6d-45f2b87e4559","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://npload-mdoc39s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://npload-mdoc39s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d489c45-d235-5fba-a856-372cb979517b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"npload-mdoc12s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'npload-mdoc12s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f262b563-b71f-56d4-ac18-69975b6ce27f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://npload-mdoc12s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://npload-mdoc12s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--129cae1a-ec24-5ea6-a6ee-22616bbca7af","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.npload-mdoc12s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.npload-mdoc12s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4154065f-d0db-5b6b-89dc-791deede27ef","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.npload-mdoc12s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.npload-mdoc12s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81aeca73-d56f-5b5e-ada1-1b2e4e180359","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nrec-taxdoc10s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nrec-taxdoc10s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--493b44d1-4571-51f8-98c1-40fc9d1e90a5","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nrec-taxdoc10s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nrec-taxdoc10s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b58aaba-384e-5e01-9ca3-052a70c6f8fe","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nrec-taxdoc19s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nrec-taxdoc19s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b25637bb-a541-5ae8-85ba-c27ba97c60a9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nrec-taxdoc19s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nrec-taxdoc19s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--21852d26-298b-531c-b732-c2515614a241","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.nrec-taxdoc19s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.nrec-taxdoc19s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e54625d-841b-5c2b-8685-cd10e389c008","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.nrec-taxdoc19s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.nrec-taxdoc19s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63071d23-6193-5b57-9a59-c76444a1fa8c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.nrec-taxdoc10s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.nrec-taxdoc10s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--74774c43-73ea-5f96-ac7d-2041a50a972f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.nrec-taxdoc10s.yyuyy.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.nrec-taxdoc10s.yyuyy.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d52563fb-9114-53c2-96ee-6cfc96ee9c6e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc45s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc45s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e978cb41-3c00-5003-87e8-c9676818f1b3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc45s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc45s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f09d477-643d-51e2-9493-45f7efd19b86","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83f78d6e-47f3-5e60-9d6d-febde04cb3a6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f59562d1-df9f-5e18-a504-1675de424149","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc49s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc49s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a9b5481-39f6-5b92-95a1-08e2fe5ab973","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc49s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc49s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36d6795d-1c8e-5691-9b74-16f72ac3801c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc19s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc19s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4b6e23e-6d90-5a47-8f8a-8ce315e5d37b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc19s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc19s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cd7d46b-2641-5843-b127-70da7f2addc2","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc87s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc87s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91bfdf1c-dc50-5419-89f9-1b810c76d445","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc87s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc87s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8a156f1-08a6-5a63-baad-d8cd7b75f3d1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"edoc.ntkeep-udoc62s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edoc.ntkeep-udoc62s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dbdffd21-9a10-53ce-a877-d154bf4e6734","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://edoc.ntkeep-udoc62s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edoc.ntkeep-udoc62s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f736e38c-7aee-5170-b6cc-8a9b50ce8f9f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc62s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc62s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23545a31-37d6-5f29-bf9a-0c398863b8c7","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc62s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc62s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--01bae8cc-7fcb-5a4c-b488-31046a4c4802","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc30s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc30s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--baf22dd0-18be-5ffa-b79f-9d5abebef23a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc30s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc30s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0cf72b18-82aa-56f5-b857-33ec4614ef73","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc2s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc2s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d324f15b-3532-5124-8ba1-fcee519c1589","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc2s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc2s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47a3e773-072f-5d73-b785-adca547519fa","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc72s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc72s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4990641-5f69-57d8-a391-2e29421b8a25","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc72s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc72s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4742b55-d7cf-5e05-801a-3f315665f5a6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntkeep-udoc51s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntkeep-udoc51s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8fc7428-5eb2-5ac0-ad10-98b3178de50f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntkeep-udoc51s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntkeep-udoc51s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23dda3ca-ec87-5f5a-a958-c1d2d6473ff6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--318481af-59a5-54c3-b3d3-e7ca2e02ccfc","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--da762423-c1d6-530d-a31a-0cf2f63b9c0f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nlmsuser5doc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nlmsuser5doc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5d1b97d-05ef-56cd-af46-311060c9de48","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nlmsuser5doc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nlmsuser5doc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50fa2e2a-45ec-5239-a8ec-bb898fcb4473","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc39s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc39s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59585c26-4b01-52d6-9172-071a12e2801f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc39s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc39s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffd108ec-928f-5ea6-a63b-45df2b8fb747","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usernps-mid68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usernps-mid68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2dcf018-89a3-50f2-a545-94472d6de1c1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usernps-mid68s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usernps-mid68s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b88af220-1602-5c9d-b273-4ff1f72a923c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usernps-mid77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usernps-mid77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f2db76d-2b60-51fe-a6dd-478eb165b3ed","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usernps-mid77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usernps-mid77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05968b06-c39e-5bec-8daa-583e47127348","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usernps-mid69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usernps-mid69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eac63944-6fb1-5a7b-83e2-f2c2d4638f0f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usernps-mid69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usernps-mid69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea1a2219-41f0-5a81-ae47-07f2e346a0c6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usernps-mid33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usernps-mid33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2148d23-7bf2-5506-a830-42723d6ec9f9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usernps-mid33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usernps-mid33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6abc8821-0869-588e-89bb-0549b7d8718f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usernps-mid94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usernps-mid94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d5d1b99-d8dc-5530-92b7-00e92cd2a332","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usernps-mid94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usernps-mid94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--702d31f9-3109-5dc2-9d89-d100ba1a0758","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nhpolercm10v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm10v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--91d43eca-78b1-5723-956c-d1fef76f44c2","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nhpolercm10v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm10v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2bf4245-435e-52e9-83dc-87e952afcf26","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usernps-mid21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usernps-mid21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--030e981a-2ab9-574b-bf40-f3bfd7125d4a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usernps-mid21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usernps-mid21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6d034fe-caee-5cd4-80bb-2b2b58e8c32e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64e625e3-41c3-502c-96a1-7ae12b274422","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1f07625-87fe-56dc-a6d9-cfc9c8029651","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usr.usernps-mid21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usr.usernps-mid21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf5b0f55-39d3-53d6-994e-4b0f35187cda","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usr.usernps-mid21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usr.usernps-mid21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--593ba1e9-370a-5183-8bf8-7b6bb9450cb8","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"polercm-53v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'polercm-53v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4a3e72c-23a5-5f75-b57a-6f631ef6e2f9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://polercm-53v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://polercm-53v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82249a36-5fe3-5518-bf09-45b48797267e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18339bc6-7cf3-5fbd-bb3b-89c79b654975","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f058c0d6-4d38-5aa9-9d64-9cbf7ff731e9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37e5c17b-9dcf-5199-b540-be2fb2818679","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a1ce473-988e-510d-af05-48b1a83b0ab9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b0396e0-c035-5cb4-83c8-df7dc6cf9e38","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk95s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk95s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c69886f9-d281-51cd-9451-d16510261f44","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05ad595e-e3d3-572e-a7da-6c1c8106badd","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d62s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d62s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31d93fc6-12fb-5bea-95a6-672723bcb0c7","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ae1e3e9-3680-57d7-9ab4-9c492fc2d2be","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3eebbe1d-7e8e-5009-9d36-e3bd9c2d6924","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a87ae92d-79ac-5613-ab7d-4e15305743f5","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e628dc9-3559-5a19-b124-eb8afa458b0f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac6f2be5-7e35-5f0c-bcc1-437001ff80ff","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d49s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d49s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fb0e7a9-db01-5349-92a3-ddfdc5ae8071","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f5907be-3ebd-51a8-8b0a-a33853090edf","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice3s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice3s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76f48c4b-1811-538b-9c52-28ddbe6f841e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10339404-9ec7-548d-ac3a-7bfd02c18101","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice11s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice11s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b8c415d-8ffa-5ace-a118-42f4e5aa4ee3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice4s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice4s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02cc4820-48e3-5f5f-9e24-78e2f68579a2","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice4s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice4s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26390f16-75b5-54af-81a9-48a36bcdb0b3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol3s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol3s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fce95b9f-ba37-5c07-97b6-9c33f70c2879","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol3s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol3s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fab18e85-9c24-50d8-9df7-6a8fb9671862","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf6s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf6s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62a95916-57a2-57b1-9bbc-90e6e417e4b3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf6s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf6s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62b94d13-3f2c-562b-8661-e3a03a09837f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ercm-uinvoice12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ercm-uinvoice12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61394b61-3a8a-54ce-8122-0f0fb4f91daf","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ercm-uinvoice12s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ercm-uinvoice12s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea093949-ec87-52cc-ad5b-555e0c5a0a9b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ercm-uinvoice13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ercm-uinvoice13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--160e1bee-c21b-5dcf-9c0a-260018d497cf","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ercm-uinvoice13s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ercm-uinvoice13s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c57a1766-23a1-536a-90f2-6f84905b03ae","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b731a9fd-291d-5c44-969a-31c46b5736ca","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b759659-61c2-5966-a233-53cca3d8979f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc522080-7cad-5c8b-aa5d-af67b1e685f7","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7ac03b5-a28d-5415-844e-6e193ec5d41f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a96995b-dc2e-56a2-92f5-7ec2fde9618e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ae7474e-1f11-5de7-b1d3-613691bb02a3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm34s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm34s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1012f71-6db1-573b-8208-64225bc019d4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm34s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm34s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ee788fa-cb3d-5ea5-931c-e8726207a521","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c0a0d990-7172-5573-9d10-380b119f5d4a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa08d415-9ed2-58fa-a192-b5a8450e94c4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf047296-4d9f-518a-9a28-749d3467d7cb","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice90s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice90s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fce42b7-ee86-57e5-95fb-49502e70ce43","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice74s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice74s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--930a7be9-762f-5322-9f39-88ae22641ca9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice74s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice74s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--411c6edf-80b0-573d-bfe3-22902f560c92","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc5s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc5s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--943455a8-29c8-53d4-acb2-279eb91d562d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc5s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc5s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef3607ab-9138-5e8e-b85f-9ccdf36f9690","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ssltest1.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ssltest1.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--313119c3-8015-55cc-9e8f-4011fdbfc405","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ssltest1.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ssltest1.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76ed39fb-3e7a-5e13-9fbc-19b3552e0f9b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d868985-d832-5730-9e18-25c5f74968c4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62136d17-080a-5f17-88be-c1139a50d5ce","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice1s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice1s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f6a41b6-81dc-50fe-ac74-d0203b43ee6c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice1s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice1s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--79074b20-2f61-5117-b155-55131ae8fe99","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--822b5ab9-e89e-58d2-a272-b5f72859b3fd","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--552c3aff-8cfc-5e75-af5b-bcb2741c2756","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e1f3d60e-2862-5209-b999-2603e28bad08","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice83s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice83s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e3ab8f9-0893-5b38-b01a-10f0259ca34a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a9ed0a6-59ec-5fe5-969c-5fa3d60d10c1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--75b26cf7-f9a0-51a7-9f9a-33edfadac4f4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a665277-7d8f-5c84-abd2-03d892d0dc55","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1533031-f223-522a-ad4b-9e8339abab61","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm40s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm40s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4febd434-034d-56eb-a07d-3a72dd4351da","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm40s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm40s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39b8b726-0b5f-5b64-8636-6c1ff3f8b3d4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.ndeliver-d10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ndeliver-d10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1dc9eee2-b274-575d-a6f0-6f135a61099d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.ndeliver-d10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ndeliver-d10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--676cb504-1373-50d1-adb9-6f794f9c2df4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usr.ercm-uinvoice25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usr.ercm-uinvoice25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3375497-3771-5f68-9eee-287f1096939a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usr.ercm-uinvoice25s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usr.ercm-uinvoice25s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00eddc4a-5e17-5d5f-a5ad-b3ca6b6e9c63","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercm-uinvoice75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercm-uinvoice75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aa914ae5-6d09-572b-bba8-9f6f97f1dd36","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercm-uinvoice75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercm-uinvoice75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4a17a89-a7a9-5ffc-be65-80dec8b73c42","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ercm-uinvoice72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ercm-uinvoice72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5d13af4-3e7c-59bd-a406-f67a1ffce9cc","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ercm-uinvoice72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ercm-uinvoice72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c62d5fd-b6a7-52dc-9ece-e033290f5c5d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dae15f60-e014-5191-9392-29b29526fecb","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a514247-0a57-550c-99c6-143d4a3cedea","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d36s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d36s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--302b351f-f06a-5fb3-b360-8cb713afc2a8","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d36s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d36s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48422a00-8ddd-5bc8-a595-10b0f09a1ac2","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"invoice.ntdepchk33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.ntdepchk33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83db3dfe-4765-53e9-8014-43ffc650ba58","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://invoice.ntdepchk33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.ntdepchk33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d59b431-79cc-5e29-ab3b-264cac790189","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--218ddd62-7bd9-5d5f-b0e6-3b0fd85b6668","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d288942c-2e20-5fd1-a139-3f338fd4ede9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"invoice.ssltest1.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.ssltest1.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c95a5065-b0b9-5911-bd66-d1b8f9311a48","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://invoice.ssltest1.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.ssltest1.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a20cca3-e11e-5f14-9451-3dcaa97b86da","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nps.ssltest1.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nps.ssltest1.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--56d40863-2d60-55fb-813b-64f611a56fb9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nps.ssltest1.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nps.ssltest1.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--607774cc-4403-5d65-b674-4f5218c2a690","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nhpaddr70load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpaddr70load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1597ee42-6f02-5d50-bd65-a1ab3f8ce45a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nhpaddr70load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpaddr70load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6761b366-caa9-54da-a818-498f9c1f359c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b17faca-33ac-5535-92c8-04784255bde7","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d50s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d50s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97f19952-bc0c-5210-8772-349ad707ec86","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d32s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d32s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--38c98e9f-6a96-55b6-a643-c5e4b43a4663","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d32s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d32s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--24e6e687-2cd2-5f8b-9dbf-7e99159bf76b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"invoice.ndeliver-d23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.ndeliver-d23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--47cc526d-47e7-51e6-ab8c-f6b2b2ba08ee","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://invoice.ndeliver-d23s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.ndeliver-d23s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3df8edeb-8720-5fb5-ae0d-ccc29bfe33ce","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48ca976e-07a7-5ea0-9a86-1763d0df186b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30a24f1b-5bf8-52fe-a640-a2a0bbaf29ba","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7ed109e-24ae-5458-996d-9a8fb6da5401","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0caba74-b05d-54d3-9941-cd10cf373989","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9f2d782-3f18-5c81-8897-0fcb275a47bc","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eda7e756-6a4f-5992-9289-083167633b1f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nappstatic42svc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nappstatic42svc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--721f822f-1522-5f77-bc33-216ed4d9f966","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nappstatic42svc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nappstatic42svc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--268259d4-7fdb-57d7-bddc-4354d3d2a075","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ndeliver-d36s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ndeliver-d36s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8511ae0e-3b10-57ca-ac56-2a1a7be604a0","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ndeliver-d36s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ndeliver-d36s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fface1e2-ef64-522e-9e5a-8391f18cead5","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--efbcba1e-9642-5ae0-befe-366c68656fb6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f0b13c6-df90-57f6-af06-50d6aed7f8e7","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usr.ndeliver-d82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usr.ndeliver-d82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1cc94d00-ab18-5e7c-b4d5-b294bee25294","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usr.ndeliver-d82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usr.ndeliver-d82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0874dff2-2dee-574b-b43a-1a5709afed8e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34b9d015-bfe5-5b44-a85a-194c2667168a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a30d19ad-16fb-570b-8361-4acda36dec73","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.ndeliver-d57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ndeliver-d57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99005c1f-007c-5a24-b75c-80401f309d5c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.ndeliver-d57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ndeliver-d57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59bfac5e-8bc5-5336-b18f-daa7fec466eb","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ndeliver-d28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ndeliver-d28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--941a6a82-95fb-5a93-ad64-cc950692c3f6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ndeliver-d28s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ndeliver-d28s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb3b9c8e-fbcb-5ea3-ba47-9d7278843450","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d4s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d4s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0456c90e-44ff-5fff-a54a-bb0463e6880a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d4s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d4s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0605cc8b-cb73-5b7f-b6cb-cc686a3e0cde","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d8s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d8s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59579804-7a4b-544b-9024-8f4762ba2efa","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d8s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d8s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb3a6766-5eba-5a19-823c-f5dd5ff30746","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d31s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d31s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50723e8d-0a16-5a73-8d94-7a114aa541f3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d31s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d31s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--54d82cc4-7554-5c32-9d23-17a70474c628","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"polercm-41v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'polercm-41v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce68bddb-84ff-5dba-b0ee-108ef42b07da","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://polercm-41v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://polercm-41v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5da77b6-6e5c-5172-a3ae-91b03312546b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf3718b6-cf83-5a6e-9903-f8f399bef7c9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9550a40c-6f20-5506-b574-cd86696bfd8b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf42s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf42s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c8e3afa-635e-5700-8f53-54b43302535b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf42s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf42s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5278466a-8e69-54c9-acc8-780389c29596","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nmethodsrc13v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmethodsrc13v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--244b599e-18ca-5405-86af-7481d4a514b8","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nmethodsrc13v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nmethodsrc13v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b11d01d8-6864-5771-960c-ae14e0f08198","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8cd5c13f-615d-58f0-a1e1-d2563557b377","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19e5248a-443d-526b-a5dd-701384bfe168","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d35s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d35s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--863fe6b7-4d0b-5407-8544-315f91381cd1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d35s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d35s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6deb3db5-6ba5-54a8-ab52-3f1ec8cbb41a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf12s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf12s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dfc280ab-67c8-5e53-a172-7819a17e97b1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf12s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf12s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5dcb17b-fc01-5d9e-9cc7-eca0317cb846","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b464450c-9e21-5e06-9e0e-f6ae0c5b82ba","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b326d24-e24a-5c41-9c11-6d59c17f8f2a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"uofficialerc26v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc26v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36c2f80d-53d0-5ddc-aa2f-b640d39beac4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://uofficialerc26v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc26v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e98f870-474b-538c-816d-a7767c4b33f8","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.ndeliver-d35s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ndeliver-d35s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2abf4a6-6954-5576-9321-7c5ed5b6c880","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.ndeliver-d35s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ndeliver-d35s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3e0fae1-ee39-54ca-80bf-1c0720eeb2d6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25ed1167-d442-5aa5-9b55-0fa58779a2c3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76f15e4a-c6b6-52a5-8816-3d5c232355a4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c20ca816-900f-57bc-ab4b-7db012627008","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc85s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc85s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d389afd3-355b-53fa-9251-5170b9cfb247","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e94e96c9-cfcd-5069-ab45-12118e2032f1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ad53562-f593-55b7-aaee-c515f263df80","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"edoc.ndeliver-d52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edoc.ndeliver-d52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--542d87ad-668a-5cfe-97ab-45f9d0f164ad","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://edoc.ndeliver-d52s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edoc.ndeliver-d52s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7881dede-d5b8-58d8-acc7-427eeedbbbfd","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ndeliver-d94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ndeliver-d94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9a3f6b23-1040-5fdb-aba0-a8da2b013639","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ndeliver-d94s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ndeliver-d94s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e16cd090-b26b-5f73-919c-faafa6717a5f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.ndeliver-d22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ndeliver-d22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cc2bb01-ca78-58e4-bc1b-6172040efe00","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.ndeliver-d22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ndeliver-d22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--516d4f8a-8e2b-54ab-a00a-966dca73fbac","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4885ed9e-080b-56dd-90b6-b80c8b8e0198","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d79s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d79s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ec0f1b3-ea79-55a9-be50-821943880e95","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc38s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc38s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02fbce79-c168-5767-bb8e-d2d0b63b30ac","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc38s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc38s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a205342c-c3a7-5c09-a606-050ac0d20687","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4df623c1-e500-50d9-970b-2c5d2c96a189","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3505cce-6a47-5cd4-a0ba-05d753334105","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nid.ndeliver-d73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.ndeliver-d73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29563ae7-6bd3-5ec3-80e7-f11ef0a44616","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nid.ndeliver-d73s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.ndeliver-d73s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40bd9ea4-87ae-5e1c-bece-c090944247d7","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"polercm-94v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'polercm-94v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--983995c9-d0c3-5649-8a1d-3ea986c68ef3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://polercm-94v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://polercm-94v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--771eaacf-d673-5afb-9ce6-7ef5d46812cb","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f7ed32b-6ea2-573c-a6f9-773594b1cad8","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc92s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc92s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d4de493-5cc8-540c-9f1d-371d35cff32f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7d01c30e-f279-5342-a45b-b7703c8a2fda","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d69s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d69s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04e302c1-e0a6-588d-bf36-db9ea0534161","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7eed5f2f-bb2b-5f80-899b-0255b044b26e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d21s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d21s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--89a5fd1e-22ce-5c12-96a4-95372319f88a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be7ad8ae-1bf6-5b47-87a4-e540f5690acf","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d33s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d33s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65320c96-139f-5a08-927b-3bccdccaf9de","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ndeliver-d40s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndeliver-d40s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cfc85b2-d239-541c-8546-c0623b8c987f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ndeliver-d40s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndeliver-d40s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85dccb0b-a85b-5a41-9462-98bfaa2eefcd","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--367674eb-9a25-5dcf-917f-100ff68cfae4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc47s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc47s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--133931c2-950c-58e2-a439-c669951fec1a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d36b4e7-2352-575b-ad36-b39d8c302e29","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc57s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc57s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b2ed046-a857-54ab-9681-371af689077f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f37d4ac9-453d-558c-a9ef-3b3ad3093a84","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc56s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc56s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88b7b681-377c-5ef2-a9cc-60dbc09ad14c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7eb79e4-5b28-50f1-a1dc-2d604b7fbd8e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--26275801-123a-56c0-adff-4613598d3083","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol2s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol2s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d13db08-bdb1-5369-9a81-05da77c41dac","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol2s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol2s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6b8c47a-ff6a-5007-bfb2-be50f640b598","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c352616a-1963-5710-91fe-848fa9173a3d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc80s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc80s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37f7a867-4737-5ba6-b4c4-8828eefc0c63","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"edoc.ntlogodoc88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edoc.ntlogodoc88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9edaff60-2cbf-5e40-bc00-1b375f7e6f96","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://edoc.ntlogodoc88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edoc.ntlogodoc88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af8f2bc5-7f21-5dc8-95dc-98fa874482fe","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cbc149c-a34a-500c-ad02-06d9add09348","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc45s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc45s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8aa38d7f-5f1a-5329-90ca-a9d2391f9a90","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emebaspol40s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emebaspol40s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--70be92c4-c053-53f4-8ecb-9e0daaa2883c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emebaspol40s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emebaspol40s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e7416ec8-9793-5b64-970e-a3096ba4248b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c18e484d-8fd9-55ea-a452-71a05d6af5af","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77adeeb7-74d8-59b4-b7d9-362b0e8b06c0","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"invoice.ntlogodoc82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invoice.ntlogodoc82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--453fa80b-0303-5ae8-8d20-2e10eb629f6f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://invoice.ntlogodoc82s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invoice.ntlogodoc82s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f9557be-dca5-5af5-86bc-d84f9b46c21d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc32s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc32s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf3a89bb-d965-5033-9402-1ac4b80e63e9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc32s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc32s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eeb61c7e-4d16-551d-8aea-63037ca28f33","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol9s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol9s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3cea6c1-3ff6-5583-9bf7-01cb3e8f9b9d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol9s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol9s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7eb796da-4117-5727-a0b0-d5e4095136f4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntlogodoc44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntlogodoc44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5fd29e7-2187-5d78-8029-1134ad003e8d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntlogodoc44s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntlogodoc44s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02abc625-b1a5-5186-8540-a70f14a6be7f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ercorps-37load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ercorps-37load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ea278633-0d96-54c0-a4a4-1508406530d1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ercorps-37load.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ercorps-37load.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d5b5898f-01f6-58e0-a3ba-191a14d30966","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"erpolicies-11v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'erpolicies-11v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a6b85b5-f790-51a1-9c81-5c8cea260cc1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://erpolicies-11v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://erpolicies-11v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a1475723-aec8-5e98-bb59-a7cc3f3c0f04","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol10s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol10s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--81eb64b4-b6dc-5999-b7fd-255af4e2656f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol10s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol10s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35199d60-669e-5f73-ac3b-e1d9bebb4934","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"polercm-34v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'polercm-34v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0d0a8eaa-06b6-5118-8055-35975ad5b584","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://polercm-34v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://polercm-34v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9030dada-ca28-5d10-860b-9a43358adc4b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf41s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf41s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69175c2d-9205-5995-ace2-1a3f4f18d7a2","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf41s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf41s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a902e223-47cf-5b62-9ec3-00eb88aa27ba","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--25fd61e7-4bf1-5930-8092-70baaef35893","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f4d9c043-a106-5ac1-9e54-9da33febea4f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf23s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf23s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35d15f98-8acc-5a27-800b-873c75ec735b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf23s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf23s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84b1a3b8-fd6d-5112-a32a-0f82813b7c10","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"usr.ntdepchk51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'usr.ntdepchk51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a58aae51-e7d1-50aa-aec2-de827e67fcb6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://usr.ntdepchk51s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://usr.ntdepchk51s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4a8d880-6b0c-5171-89fc-daf1a4dca577","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a02623b-60df-5a8e-8d2c-c24e97d867e6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk72s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk72s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9fa77e47-8626-5161-b502-7acd1a09bc50","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--53285c56-c586-5622-861c-43928084ff2a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk10s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk10s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--77edc265-3df3-59b8-910e-9191a32c777d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e071ee6d-4f6b-51b5-8fe2-930d0a4c4a56","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk75s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk75s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83edd6b0-6cbf-577f-a0d2-7ae754c8788b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nappstatic75svc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nappstatic75svc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0f6a8ea-5292-5b8d-9fef-fc3a4b666c09","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nappstatic75svc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nappstatic75svc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d3f8e4bc-5eba-52e8-b815-144e21b9bd5b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0bc3a45-ba96-5138-8e09-c5a71692c4d8","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk19s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk19s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f049814-7198-5808-b017-ee76272f86ee","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8607f47-6502-5a79-8d95-bee88101648c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk89s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk89s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--35935b5e-8192-540e-8a03-0e2616f06fc9","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm31s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm31s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c07bcf5d-feff-5f2b-8cfb-cf3cabd93702","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm31s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm31s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a8ccf45-907c-5fd9-91d0-0351a83ebda1","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48ab835c-7ee3-5649-80de-0e06c306edde","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk22s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk22s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--85f96af2-a66e-50eb-abe3-35ea9cb8e100","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm37s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm37s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--251a2753-05db-5a6d-b9c9-5de6fef6df36","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm37s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm37s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b47cd3e-01f2-58ea-a430-b8b94b885205","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol2s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol2s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb07a415-6e9f-5fc4-82b3-548ccd427003","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol2s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol2s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f3e4e9d-d752-525b-a668-6b9a34d40739","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol18s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol18s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44577281-2c87-5780-84ec-84091f20340c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol18s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol18s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50af0e5e-d301-5f9a-8a95-94297bcf1d9b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol1s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol1s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd9051e7-0ee3-5053-8c20-66fb1760fd26","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol1s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol1s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52f9a043-5384-5a64-80a9-24868f9d7c53","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol6s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol6s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c501d705-763e-5295-b4a6-0f96f998ef3a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol6s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol6s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3f72f8a8-eb4b-5374-93c0-87d3b072dc84","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol8s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol8s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fe0696cc-e6ff-5b64-98aa-48305a833872","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol8s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol8s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2a4fe61-36dd-5c8a-98c2-043aec3e2208","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol8s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol8s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--968ad67e-63f8-5c3e-abdc-6c9504f52d25","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol8s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol8s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d223854-bcbd-5cff-a657-e240ae6eaa62","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf30s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf30s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00bd9705-20fb-5162-bea5-069439b52d10","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf30s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf30s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e52f20c-b7df-551d-b783-ba25e45e1e16","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol6s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol6s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4afaa1e-9d19-517b-b848-88cced38df50","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol6s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol6s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16b83fe8-3df6-5c6b-8c4c-da0967871e31","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf17s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf17s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3120cd7-e51e-5a84-aec5-8fa7bbf36237","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf17s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf17s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--008cb3d5-6532-5da9-972a-0eae79e48035","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol7s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol7s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6c886ca-42a1-5953-8fe3-f3347ca6fe44","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol7s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol7s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2301f4ff-e088-5516-ac33-48d1c7fa083b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol10s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol10s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a731f50e-53d0-53e7-8d35-58e3cc246504","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol10s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol10s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f76e38c1-b4ce-52f5-adc2-5613d77f9f86","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm19s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm19s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4452b2b0-e740-5133-adc7-e2ab7cb5179e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm19s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm19s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d4970bc-0093-5518-81b9-ef1926b4fa14","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm48s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm48s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--30954b3d-7e1d-5c4d-8a85-3777af393fca","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm48s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm48s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4575dc6-527a-5ada-baca-62b3b04993c6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol5s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol5s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--980c78f3-5ec3-5a22-abb3-72ecb620127a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol5s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol5s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e11c68a3-e944-5803-b4d9-579af4cf164b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm44s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm44s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2179a860-81f1-5ad9-b7f8-a8c4efbf7c79","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm44s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm44s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e8e3973-cf26-5d10-9e61-d0b4140dda8d","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"uofficialerc29v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uofficialerc29v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e9c04df-75e4-50dc-83a8-fe74d1ab928f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://uofficialerc29v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uofficialerc29v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb177e9f-4708-5f9d-96d9-e1ef4b1a2747","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol13s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol13s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ddc6fd02-ae43-5f09-86a6-a8ce485918da","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol13s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol13s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fec3c566-2caf-519c-817b-be397c670ac4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm45s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm45s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c0be6f4-c048-56ec-80b3-2e33d77c2cae","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm45s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm45s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b6cf35b-2704-57f9-999c-7b3c5d35740c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.newaltercm45s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.newaltercm45s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bede498d-edc7-5f78-af32-80f98af91b95","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.newaltercm45s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.newaltercm45s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae24d000-a9c2-56c5-8910-1f69154ed830","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newaltercm15s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newaltercm15s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a5595df-33f6-5b74-95e0-e29f03d9878f","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newaltercm15s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newaltercm15s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7b8962f-5576-5b62-8b03-bac1cd699eb0","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80954f53-c4dc-50b0-a46d-96313a2ab29c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk88s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk88s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65522bb1-ec01-5884-9084-a84ddcdbe636","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8badf51-c5c8-5a2e-9f43-be46aaf2d36a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6d8eadf-43b0-5b71-9838-ef4cc34cde04","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ntdepchk26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ntdepchk26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69b269a5-c7f1-54fc-b816-61dc35a51c19","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ntdepchk26s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ntdepchk26s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb7fe33e-fc42-5eeb-8d9d-1c38f035b44a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol16s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol16s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d312e1c-26ad-57c4-955b-5c62717ac0c6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol16s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol16s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e45e13f9-b428-5ebb-b8cb-49552d917c37","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol20s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol20s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ca7e67f8-9d40-59ff-b4fa-16ad59c731bc","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol20s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol20s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec3812c3-7150-5fbf-b8a4-a9acde873142","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8442f145-e8bf-51ae-b2ea-6cd0ff90c393","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk77s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk77s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14a2f9f7-cc63-514a-90df-b18dd7edde94","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60ee2143-6365-5474-aafa-d51946d34448","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk29s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk29s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--daa2b18f-28e4-52e9-85a7-fee88811ca0b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk86s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk86s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f2fdda97-890f-5e59-9b37-9fa0cbffbd49","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk86s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk86s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054269866534953072"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e3e8e5f-4c4a-5f13-9a3e-254cbcaf550e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"newpolinf9s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'newpolinf9s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e491c36-f49e-5418-ba08-829dce981e80","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://newpolinf9s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://newpolinf9s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e748aa77-6c7c-5e02-b3e9-a46aea11166e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"emspol4s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'emspol4s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e96bff0b-25da-5e7e-8981-222bf354b299","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://emspol4s.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://emspol4s.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--efdbaeb1-952c-5428-ab73-0e5f84cbf213","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"docinfo.ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d52e039b-f33e-5a21-a3bd-b887c99e1036","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://docinfo.ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b4bd45f7-bce0-5a78-b87e-18fa6fcff329","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f4a27bf-53d5-57c3-9baa-4d3369f77d33","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk65s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk65s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf926598-5c73-5c0e-95b1-c4b056f3c352","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--83b393fa-755e-51b7-9b4a-efd6abe351b4","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk87s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk87s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b39d9984-f356-5ce0-a90f-485d1bd4a76c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"ntdepchk17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntdepchk17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e5fc240-ff84-540b-8592-6fcab818c248","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://ntdepchk17s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntdepchk17s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--43ba2ca1-a2f7-5752-a746-15025fbf1dd0","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nhpolercm6v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm6v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20dd6773-49fa-5cb8-910f-dfbf106c5477","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nhpolercm6v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm6v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5432e9f7-7711-582d-aeaa-ecb557a6fde3","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nmethodsrc15v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nmethodsrc15v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--764c5464-1bd2-585d-85ca-7bcd6a11658a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nmethodsrc15v.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nmethodsrc15v.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdc90adc-22a1-5fff-93af-da9dedfdac35","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol4s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol4s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--381f83dc-da05-541c-bae2-1516c69fcf1c","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol4s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol4s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f740b1a-56b3-52b9-8514-df006847ff42","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nhpolercm98v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nhpolercm98v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--315d8e1c-9698-556a-a389-b8b030c11723","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nhpolercm98v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nhpolercm98v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--914cf54e-d147-5568-b653-2c0a3758e79e","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"nps-authdep69svc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nps-authdep69svc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d0c293da-9b29-522a-a77a-213b884a7afd","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://nps-authdep69svc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nps-authdep69svc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bf504f0-681b-5e52-95c4-8802974ca0c6","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"polercm-85v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'polercm-85v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2ee7dba6-a490-5807-a79b-0b3478c86838","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://polercm-85v.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://polercm-85v.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d2556d9b-bcc1-5f5c-8517-9b2abcfd118a","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"inlinepol15s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'inlinepol15s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8cf30ead-b96e-5761-8a07-2a2f5a7824bd","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://inlinepol15s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://inlinepol15s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d56c44e2-9135-5518-99f8-89726ce50305","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"edoc.inlinepol15s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edoc.inlinepol15s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--92517221-a047-5a1a-9abe-49f4b60d1b7b","created":"2026-05-12T18:37:00.000Z","modified":"2026-05-12T18:37:00.000Z","valid_from":"2026-05-12T18:37:00.000Z","name":"http://edoc.inlinepol15s.roxa.org","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edoc.inlinepol15s.roxa.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2049924547810299999"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c7607356-4c49-53b5-aa77-a77e25edb74d","created":"2026-05-12T20:00:00.000Z","modified":"2026-05-12T20:00:00.000Z","valid_from":"2026-05-12T20:00:00.000Z","name":"finalaccountwarningteam.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'finalaccountwarningteam.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054290551369781289"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ba951a8-78c5-5114-bf57-95673264188f","created":"2026-05-12T20:00:00.000Z","modified":"2026-05-12T20:00:00.000Z","valid_from":"2026-05-12T20:00:00.000Z","name":"https://finalaccountwarningteam.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://finalaccountwarningteam.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054290551369781289"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97d3052e-475d-5602-9f7f-06283de5aa33","created":"2026-05-12T22:00:00.000Z","modified":"2026-05-12T22:00:00.000Z","valid_from":"2026-05-12T22:00:00.000Z","name":"xploreonlineserver.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xploreonlineserver.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054320750966792413"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd02bfc8-bcae-5d90-b24b-6f0c515768e4","created":"2026-05-12T22:00:00.000Z","modified":"2026-05-12T22:00:00.000Z","valid_from":"2026-05-12T22:00:00.000Z","name":"https://xploreonlineserver.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://xploreonlineserver.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054320750966792413"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5532f769-d90b-5a40-b84f-37200d91f0ee","created":"2026-05-13T00:00:00.000Z","modified":"2026-05-13T00:00:00.000Z","valid_from":"2026-05-13T00:00:00.000Z","name":"netflix-clone-6.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'netflix-clone-6.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054350942758178970"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eeea70e7-12cc-53e7-a1aa-4a9045e651eb","created":"2026-05-13T00:00:00.000Z","modified":"2026-05-13T00:00:00.000Z","valid_from":"2026-05-13T00:00:00.000Z","name":"https://netflix-clone-6.vercel.app","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://netflix-clone-6.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054350942758178970"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f762b2c-847a-5132-b2be-abc0d7347052","created":"2026-05-13T00:22:00.000Z","modified":"2026-05-13T00:22:00.000Z","valid_from":"2026-05-13T00:22:00.000Z","name":"b10a.mobi","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'b10a.mobi']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054356678276264197"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--daf90ef3-ed61-55f2-9fd7-94aa413f960e","created":"2026-05-13T00:22:00.000Z","modified":"2026-05-13T00:22:00.000Z","valid_from":"2026-05-13T00:22:00.000Z","name":"https://b10a.mobi/BANTEND","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://b10a.mobi/BANTEND']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054356678276264197"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7328cd5-0842-5aa1-befb-bd14a0ad9b2e","created":"2026-05-13T02:00:00.000Z","modified":"2026-05-13T02:00:00.000Z","valid_from":"2026-05-13T02:00:00.000Z","name":"roblox.gf","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'roblox.gf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054381165683913185"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5309cd3b-98eb-5be5-974f-48f05124ba04","created":"2026-05-13T02:00:00.000Z","modified":"2026-05-13T02:00:00.000Z","valid_from":"2026-05-13T02:00:00.000Z","name":"https://roblox.gf/games/5233782396/Creatures-of-Sonaria-Survive-Kaiju-Animals?privateServerLinkCode=51941004943843141444838697520702","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://roblox.gf/games/5233782396/Creatures-of-Sonaria-Survive-Kaiju-Animals?privateServerLinkCode=51941004943843141444838697520702']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054381165683913185"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9c9e70e8-2787-5c86-9bfe-870b1dc8fc02","created":"2026-05-13T02:46:00.000Z","modified":"2026-05-13T02:46:00.000Z","valid_from":"2026-05-13T02:46:00.000Z","name":"leyalobis.z33.web.core.windows.net","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'leyalobis.z33.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054392935853306303"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bf26007-7afe-571a-a2b9-ebdbbef855b6","created":"2026-05-13T02:46:00.000Z","modified":"2026-05-13T02:46:00.000Z","valid_from":"2026-05-13T02:46:00.000Z","name":"https://leyalobis.z33.web.core.windows.net/zucs06iym6hj.html#XwlyjVk2plhmle31","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://leyalobis.z33.web.core.windows.net/zucs06iym6hj.html#XwlyjVk2plhmle31']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054392935853306303"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6d32f89-eb71-5d0a-bc44-4b438c66c7c1","created":"2026-05-13T03:01:00.000Z","modified":"2026-05-13T03:01:00.000Z","valid_from":"2026-05-13T03:01:00.000Z","name":"qr.paypay.ne.jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qr.paypay.ne.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054396644297515461"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88b25461-10e6-5c3b-912d-a0c6dca6ff85","created":"2026-05-13T03:01:00.000Z","modified":"2026-05-13T03:01:00.000Z","valid_from":"2026-05-13T03:01:00.000Z","name":"https://qr.paypay.ne.jp/p2p01_5xY8eHfpfy5DM8nN","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qr.paypay.ne.jp/p2p01_5xY8eHfpfy5DM8nN']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054396644297515461"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--db3d18ad-d8ed-58a6-9b16-de5e219c2d32","created":"2026-05-13T03:01:00.000Z","modified":"2026-05-13T03:01:00.000Z","valid_from":"2026-05-13T03:01:00.000Z","name":"45.91.227.43","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '45.91.227.43']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054396644297515461"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c88a2879-e7ad-522d-b4c3-4f33eef26ea7","created":"2026-05-13T03:01:00.000Z","modified":"2026-05-13T03:01:00.000Z","valid_from":"2026-05-13T03:01:00.000Z","name":"3.164.143.89","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '3.164.143.89']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054396644297515461"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72b64ca2-3bbf-5c06-9944-5c5a1079c798","created":"2026-05-13T03:32:00.000Z","modified":"2026-05-13T03:32:00.000Z","valid_from":"2026-05-13T03:32:00.000Z","name":"https://qr.paypay.ne.jp/p2p01_FuYCLAoaAmaqk9n9","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qr.paypay.ne.jp/p2p01_FuYCLAoaAmaqk9n9']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054404330250473931"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c7e1948-401b-5cf3-b470-3205e68d8cf4","created":"2026-05-13T03:32:00.000Z","modified":"2026-05-13T03:32:00.000Z","valid_from":"2026-05-13T03:32:00.000Z","name":"123.180.19.119","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '123.180.19.119']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054404330250473931"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a611e54a-2768-5149-8345-af24ce72f587","created":"2026-05-13T03:33:00.000Z","modified":"2026-05-13T03:33:00.000Z","valid_from":"2026-05-13T03:33:00.000Z","name":"noblemist.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'noblemist.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054404688779640949"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a0747771-3668-5a0b-9aa0-b2684651a85e","created":"2026-05-13T03:33:00.000Z","modified":"2026-05-13T03:33:00.000Z","valid_from":"2026-05-13T03:33:00.000Z","name":"https://noblemist.com/notice/information","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://noblemist.com/notice/information']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054404688779640949"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ed3b386d-d2db-5e82-99ad-f24ddc5d083d","created":"2026-05-13T03:33:00.000Z","modified":"2026-05-13T03:33:00.000Z","valid_from":"2026-05-13T03:33:00.000Z","name":"e-stat.url-btiyu.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.url-btiyu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054404649340506433"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc38a870-5201-5114-8f16-9ae3e8ccb7b8","created":"2026-05-13T03:33:00.000Z","modified":"2026-05-13T03:33:00.000Z","valid_from":"2026-05-13T03:33:00.000Z","name":"https://e-stat.url-btiyu.com/home","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.url-btiyu.com/home']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054404649340506433"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ae5e630-267f-5bc2-9dd8-2d67c83c7f8d","created":"2026-05-13T03:49:00.000Z","modified":"2026-05-13T03:49:00.000Z","valid_from":"2026-05-13T03:49:00.000Z","name":"https://qr.paypay.ne.jp/p2p01_mP0rCB0KG2fij2Zn","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qr.paypay.ne.jp/p2p01_mP0rCB0KG2fij2Zn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054408782344798435"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10b78e32-9fce-5464-85f1-7ae310f94354","created":"2026-05-13T03:49:00.000Z","modified":"2026-05-13T03:49:00.000Z","valid_from":"2026-05-13T03:49:00.000Z","name":"2.59.152.85","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '2.59.152.85']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054408782344798435"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--16f549fa-f527-5e63-a4fa-42fa589b63fd","created":"2026-05-13T03:50:00.000Z","modified":"2026-05-13T03:50:00.000Z","valid_from":"2026-05-13T03:50:00.000Z","name":"https://qr.paypay.ne.jp/p2p01_vi5lr3RFpYtB9JCq","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qr.paypay.ne.jp/p2p01_vi5lr3RFpYtB9JCq']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054408970035737025"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7203464b-723b-5a51-9fdb-ae72cb982cb8","created":"2026-05-13T03:50:00.000Z","modified":"2026-05-13T03:50:00.000Z","valid_from":"2026-05-13T03:50:00.000Z","name":"113.236.106.100","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '113.236.106.100']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054408970035737025"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b3e38f2-9bbd-56b1-a925-8d61c3323c80","created":"2026-05-13T03:59:00.000Z","modified":"2026-05-13T03:59:00.000Z","valid_from":"2026-05-13T03:59:00.000Z","name":"49.87.27.41","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '49.87.27.41']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054411058723569806"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7887d2d-f9ff-552a-8cf7-0d38cbf9c7c1","created":"2026-05-13T04:00:00.000Z","modified":"2026-05-13T04:00:00.000Z","valid_from":"2026-05-13T04:00:00.000Z","name":"pub-3201b0059e074b9486139d100a5af429.r2.dev","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pub-3201b0059e074b9486139d100a5af429.r2.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054411363666059286"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--938c7c0c-faa7-553d-bdc3-1ccdea770462","created":"2026-05-13T04:00:00.000Z","modified":"2026-05-13T04:00:00.000Z","valid_from":"2026-05-13T04:00:00.000Z","name":"http://pub-3201b0059e074b9486139d100a5af429.r2.dev/bv.html","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pub-3201b0059e074b9486139d100a5af429.r2.dev/bv.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054411363666059286"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0025b4f-dbd7-587a-ad09-dd0f26fb2d1c","created":"2026-05-13T04:11:00.000Z","modified":"2026-05-13T04:11:00.000Z","valid_from":"2026-05-13T04:11:00.000Z","name":"nybjhw.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nybjhw.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054414268133786028"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a6bf0453-d4c6-5e24-8053-2fce7ecc589b","created":"2026-05-13T04:11:00.000Z","modified":"2026-05-13T04:11:00.000Z","valid_from":"2026-05-13T04:11:00.000Z","name":"https://nybjhw.com/?type=verify&key=gzpbbcpsqq","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://nybjhw.com/?type=verify&key=gzpbbcpsqq']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054414268133786028"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72dfda7b-78d5-5173-9920-4c2268a6f67e","created":"2026-05-13T04:11:00.000Z","modified":"2026-05-13T04:11:00.000Z","valid_from":"2026-05-13T04:11:00.000Z","name":"34.146.118.97","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.146.118.97']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054414268133786028"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9fc5873d-7efc-56b9-b095-f7a02b1fc206","created":"2026-05-13T04:12:00.000Z","modified":"2026-05-13T04:12:00.000Z","valid_from":"2026-05-13T04:12:00.000Z","name":"zfhcbj.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'zfhcbj.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054414428788170809"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71c400fb-6b42-55f7-9434-def9528d3b37","created":"2026-05-13T04:12:00.000Z","modified":"2026-05-13T04:12:00.000Z","valid_from":"2026-05-13T04:12:00.000Z","name":"https://zfhcbj.com/?type=verify&key=olamzfolnj","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://zfhcbj.com/?type=verify&key=olamzfolnj']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054414428788170809"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f8d475c-d07c-51d7-a33c-d4be6787a369","created":"2026-05-13T04:33:00.000Z","modified":"2026-05-13T04:33:00.000Z","valid_from":"2026-05-13T04:33:00.000Z","name":"209.87.149.168","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '209.87.149.168']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054419826173751790"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad40e881-d7f0-54d3-97ad-1d61e86c2eb7","created":"2026-05-13T04:33:00.000Z","modified":"2026-05-13T04:33:00.000Z","valid_from":"2026-05-13T04:33:00.000Z","name":"startcompliance.click","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'startcompliance.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054419841122279859"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6adfab4-1278-5eb1-8297-54f333ed9454","created":"2026-05-13T04:33:00.000Z","modified":"2026-05-13T04:33:00.000Z","valid_from":"2026-05-13T04:33:00.000Z","name":"https://www.startcompliance.click/kFNQHbvZ8-F1mOj4BOJX-mUNSJP6u-wApaUVu/index.html","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://www.startcompliance.click/kFNQHbvZ8-F1mOj4BOJX-mUNSJP6u-wApaUVu/index.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054419841122279859"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c396cf03-ccbd-58fe-89f4-1d08fe260c56","created":"2026-05-13T04:45:00.000Z","modified":"2026-05-13T04:45:00.000Z","valid_from":"2026-05-13T04:45:00.000Z","name":"anxingcharge.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'anxingcharge.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054422831187014122"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bb6c49b-6083-5d6e-abb4-d564c2d6e783","created":"2026-05-13T04:45:00.000Z","modified":"2026-05-13T04:45:00.000Z","valid_from":"2026-05-13T04:45:00.000Z","name":"https://anxingcharge.com/7HRL93uV34.social","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://anxingcharge.com/7HRL93uV34.social']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054422831187014122"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--80d187ea-4b27-592a-86b1-d12b7fec4732","created":"2026-05-13T04:45:00.000Z","modified":"2026-05-13T04:45:00.000Z","valid_from":"2026-05-13T04:45:00.000Z","name":"150.136.228.252","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '150.136.228.252']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054422831187014122"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--357bd60b-7fb3-5e9e-87e7-df1cd66e6024","created":"2026-05-13T04:46:00.000Z","modified":"2026-05-13T04:46:00.000Z","valid_from":"2026-05-13T04:46:00.000Z","name":"apexkongbai.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'apexkongbai.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054422987999494184"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6dab82ba-2d36-5051-9b63-ef7d6ddc1eef","created":"2026-05-13T04:46:00.000Z","modified":"2026-05-13T04:46:00.000Z","valid_from":"2026-05-13T04:46:00.000Z","name":"https://apexkongbai.com/NyLTmazo5C.axd","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://apexkongbai.com/NyLTmazo5C.axd']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054422987999494184"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc8b2508-96cc-5d1a-80ea-5b29f575659a","created":"2026-05-13T04:46:00.000Z","modified":"2026-05-13T04:46:00.000Z","valid_from":"2026-05-13T04:46:00.000Z","name":"150.136.126.82","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '150.136.126.82']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054422987999494184"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50e02826-4805-56bf-8f61-2e48a4f05c4c","created":"2026-05-13T04:47:00.000Z","modified":"2026-05-13T04:47:00.000Z","valid_from":"2026-05-13T04:47:00.000Z","name":"annovireverberipump.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'annovireverberipump.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054423168975311327"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--948dde97-2b11-59dc-9696-7687f3617572","created":"2026-05-13T04:47:00.000Z","modified":"2026-05-13T04:47:00.000Z","valid_from":"2026-05-13T04:47:00.000Z","name":"https://annovireverberipump.com/sEv8lV0zeT.niigata-city.jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://annovireverberipump.com/sEv8lV0zeT.niigata-city.jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054423168975311327"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df62cf30-d095-52fb-86d9-b7817e7be7da","created":"2026-05-13T04:47:00.000Z","modified":"2026-05-13T04:47:00.000Z","valid_from":"2026-05-13T04:47:00.000Z","name":"192.9.155.132","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '192.9.155.132']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054423168975311327"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d3a55ed-0c3c-52f5-aa18-34153535723e","created":"2026-05-13T04:54:00.000Z","modified":"2026-05-13T04:54:00.000Z","valid_from":"2026-05-13T04:54:00.000Z","name":"jp.5-13paypayz.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jp.5-13paypayz.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054425017224704246"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e54e4a11-7069-5510-8982-e60c818ad2d8","created":"2026-05-13T04:54:00.000Z","modified":"2026-05-13T04:54:00.000Z","valid_from":"2026-05-13T04:54:00.000Z","name":"https://jp.5-13paypayz.com/jp","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jp.5-13paypayz.com/jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054425017224704246"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31d99825-c0d9-5eac-95a6-6cd5fa27d04a","created":"2026-05-13T05:01:00.000Z","modified":"2026-05-13T05:01:00.000Z","valid_from":"2026-05-13T05:01:00.000Z","name":"miont.hair","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'miont.hair']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054426734158852466"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a49d53bd-d11e-5f3d-ba40-65bcdd315a0e","created":"2026-05-13T05:01:00.000Z","modified":"2026-05-13T05:01:00.000Z","valid_from":"2026-05-13T05:01:00.000Z","name":"https://miont.hair/?email=vwiyf","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://miont.hair/?email=vwiyf']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054426734158852466"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--223ced62-a78f-5aa0-8d15-c88ad5d0fcf4","created":"2026-05-13T05:01:00.000Z","modified":"2026-05-13T05:01:00.000Z","valid_from":"2026-05-13T05:01:00.000Z","name":"52.103.20.94","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '52.103.20.94']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054426734158852466"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--739b4e5d-d209-5089-a866-30a4ec56abba","created":"2026-05-13T05:33:00.000Z","modified":"2026-05-13T05:33:00.000Z","valid_from":"2026-05-13T05:33:00.000Z","name":"annakovaleva.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'annakovaleva.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054434942910931179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--861f4a7c-1522-544b-a954-ce6a5427889d","created":"2026-05-13T05:33:00.000Z","modified":"2026-05-13T05:33:00.000Z","valid_from":"2026-05-13T05:33:00.000Z","name":"https://annakovaleva.com/?type=verify&key=pfvbhfjzjx","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://annakovaleva.com/?type=verify&key=pfvbhfjzjx']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054434942910931179"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48f037ae-18b9-59a9-a250-db03b478aff5","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"mbapped.com","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mbapped.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435265381601389"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58772937-7d99-5281-8104-ee02e70c0bed","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"https://mbapped.com/?type=verify&key=rsgttabfsb","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mbapped.com/?type=verify&key=rsgttabfsb']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435265381601389"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb1cfc4e-941a-5d0f-9eb1-956e1314a300","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"34.146.134.26","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.146.134.26']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435265381601389"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7415361b-f45d-51f0-bbbc-8c8adc048ebd","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"101.32.97.203","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '101.32.97.203']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435265381601389"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--48ac6c13-3a9f-5af2-8abc-20e806074c16","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"https://mbapped.com/captcha/go/44e6a0422861f04489a0488ad82c4771","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mbapped.com/captcha/go/44e6a0422861f04489a0488ad82c4771']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435267168370743"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f7a2e88-01e9-58a2-98a8-9ff8d865ef28","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"cvuhvbkeoqdu.top","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cvuhvbkeoqdu.top']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435267168370743"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c972f95-1d7c-5baf-af25-86e8bf02acfe","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"https://cvuhvbkeoqdu.top/jp","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cvuhvbkeoqdu.top/jp']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435267168370743"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--131efb0b-f1c6-52ef-825a-353eaef38a31","created":"2026-05-13T05:35:00.000Z","modified":"2026-05-13T05:35:00.000Z","valid_from":"2026-05-13T05:35:00.000Z","name":"43.167.190.152","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '43.167.190.152']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054435267168370743"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f5ee7bd-73f7-5912-b2cd-8cbeb415f9c1","created":"2026-05-13T05:40:00.000Z","modified":"2026-05-13T05:40:00.000Z","valid_from":"2026-05-13T05:40:00.000Z","name":"ccssnk.com","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ccssnk.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054436697312833572"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64e2aef9-22ee-511e-ac3e-e0e5baa45a9c","created":"2026-05-13T05:40:00.000Z","modified":"2026-05-13T05:40:00.000Z","valid_from":"2026-05-13T05:40:00.000Z","name":"https://ccssnk.com","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ccssnk.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054436697312833572"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b1c2f3c1-ff30-5a4b-bd3b-535c1e4ae2e1","created":"2026-05-13T05:40:00.000Z","modified":"2026-05-13T05:40:00.000Z","valid_from":"2026-05-13T05:40:00.000Z","name":"http://8.209.198.204","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8.209.198.204']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054436697312833572"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--62cf8673-1bc0-539f-810e-c31a03d98d36","created":"2026-05-13T05:40:00.000Z","modified":"2026-05-13T05:40:00.000Z","valid_from":"2026-05-13T05:40:00.000Z","name":"8.209.198.204","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.209.198.204']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054436697312833572"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8afe383c-8aed-58df-a191-fc64347b4a49","created":"2026-05-13T05:52:00.000Z","modified":"2026-05-13T05:52:00.000Z","valid_from":"2026-05-13T05:52:00.000Z","name":"dsoqqcfd.vjxjrfyu.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsoqqcfd.vjxjrfyu.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054439630809030771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f611528b-0dd2-59fb-8354-fc7b944de9c9","created":"2026-05-13T05:52:00.000Z","modified":"2026-05-13T05:52:00.000Z","valid_from":"2026-05-13T05:52:00.000Z","name":"https://dsoqqcfd.vjxjrfyu.cn/optmer-prefere_html/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dsoqqcfd.vjxjrfyu.cn/optmer-prefere_html/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054439630809030771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b5e91e1-b504-59fc-9a8d-41f21c788a10","created":"2026-05-13T05:52:00.000Z","modified":"2026-05-13T05:52:00.000Z","valid_from":"2026-05-13T05:52:00.000Z","name":"http://165.154.231.146","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://165.154.231.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054439630809030771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14646d38-f535-505d-9544-5d0ec6d3ce49","created":"2026-05-13T05:52:00.000Z","modified":"2026-05-13T05:52:00.000Z","valid_from":"2026-05-13T05:52:00.000Z","name":"165.154.231.146","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.154.231.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054439630809030771"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f1fa25f9-8343-5b9e-90ed-c668731f851f","created":"2026-05-13T06:07:00.000Z","modified":"2026-05-13T06:07:00.000Z","valid_from":"2026-05-13T06:07:00.000Z","name":"cqizvybx.bhmsbp.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cqizvybx.bhmsbp.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054443329186828792"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cfc6e74f-2b2e-52f0-881f-b1768e3cb28e","created":"2026-05-13T06:07:00.000Z","modified":"2026-05-13T06:07:00.000Z","valid_from":"2026-05-13T06:07:00.000Z","name":"https://cqizvybx.bhmsbp.cn/iiufhys/eorio/loging/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://cqizvybx.bhmsbp.cn/iiufhys/eorio/loging/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054443329186828792"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c01cddb2-e631-51f6-ac8f-58670359a330","created":"2026-05-13T06:15:00.000Z","modified":"2026-05-13T06:15:00.000Z","valid_from":"2026-05-13T06:15:00.000Z","name":"4453b9e985f452365995c399f5292c92764570f03e6a066d7845320dd4ad09a1","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '4453b9e985f452365995c399f5292c92764570f03e6a066d7845320dd4ad09a1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2054445326355124566"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--499e1686-82f7-5dd3-96fa-344c1a5d969c","created":"2026-05-13T06:27:00.000Z","modified":"2026-05-13T06:27:00.000Z","valid_from":"2026-05-13T06:27:00.000Z","name":"https://qr.paypay.ne.jp/p2p01_uzRRJAYVKj3BlCER","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://qr.paypay.ne.jp/p2p01_uzRRJAYVKj3BlCER']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054448490722549945"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f51c768e-72c8-5c3e-b54c-6752337c016c","created":"2026-05-13T06:27:00.000Z","modified":"2026-05-13T06:27:00.000Z","valid_from":"2026-05-13T06:27:00.000Z","name":"60.21.12.25","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '60.21.12.25']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054448490722549945"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--637914f5-7718-5d6c-a770-a8b51e861a65","created":"2026-05-13T06:27:00.000Z","modified":"2026-05-13T06:27:00.000Z","valid_from":"2026-05-13T06:27:00.000Z","name":"3.164.143.129","description":"IOC reported by @romonlyht on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '3.164.143.129']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/romonlyht/status/2054448490722549945"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--297d0bb2-dd5b-53ef-8172-3a7e5b16ee3a","created":"2026-05-13T06:39:00.000Z","modified":"2026-05-13T06:39:00.000Z","valid_from":"2026-05-13T06:39:00.000Z","name":"867514.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = '867514.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054451554615275819"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ed671c5-d8b1-5272-b034-3fc91e4d05ac","created":"2026-05-13T06:39:00.000Z","modified":"2026-05-13T06:39:00.000Z","valid_from":"2026-05-13T06:39:00.000Z","name":"http://867514.app","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://867514.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054451554615275819"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9692a4cd-bcd4-5797-9d7e-9b2b71b60559","created":"2026-05-13T06:44:00.000Z","modified":"2026-05-13T06:44:00.000Z","valid_from":"2026-05-13T06:44:00.000Z","name":"77.91.97.125","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '77.91.97.125']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054452806208106938"}],"labels":["NetSupport","RAT","booking"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4a41874-022d-5081-a3a8-ab08c586eda6","created":"2026-05-13T06:44:00.000Z","modified":"2026-05-13T06:44:00.000Z","valid_from":"2026-05-13T06:44:00.000Z","name":"91.92.34.113","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '91.92.34.113']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054452806208106938"}],"labels":["NetSupport","RAT","booking"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e9d28e1-fd39-5405-8d92-835b60409858","created":"2026-05-13T06:52:00.000Z","modified":"2026-05-13T06:52:00.000Z","valid_from":"2026-05-13T06:52:00.000Z","name":"e-stat.online-6t.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.online-6t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054454692173033646"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08c93c45-7232-520c-862d-2c5a2260ce29","created":"2026-05-13T06:52:00.000Z","modified":"2026-05-13T06:52:00.000Z","valid_from":"2026-05-13T06:52:00.000Z","name":"https://e-stat.online-6t.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.online-6t.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054454692173033646"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--10757f5f-bada-5abe-be20-889421188603","created":"2026-05-13T06:52:00.000Z","modified":"2026-05-13T06:52:00.000Z","valid_from":"2026-05-13T06:52:00.000Z","name":"https://e-stat.url-btiyu.com/ktwpraic","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.url-btiyu.com/ktwpraic']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054454692173033646"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ee083bb-b273-514e-bcf9-8f0d3cf916aa","created":"2026-05-13T07:20:00.000Z","modified":"2026-05-13T07:20:00.000Z","valid_from":"2026-05-13T07:20:00.000Z","name":"kifofjfjeio488dzedeuihui48.cfolks.pl","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kifofjfjeio488dzedeuihui48.cfolks.pl']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2054461663802183992"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e05de5be-1817-5f5c-b320-3481e63ab1fa","created":"2026-05-13T07:20:00.000Z","modified":"2026-05-13T07:20:00.000Z","valid_from":"2026-05-13T07:20:00.000Z","name":"https://kifofjfjeio488dzedeuihui48.cfolks.pl/at/vx/auth/log","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://kifofjfjeio488dzedeuihui48.cfolks.pl/at/vx/auth/log']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2054461663802183992"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5ab291bf-d8d2-5749-a474-5889e95e2aaf","created":"2026-05-13T07:21:00.000Z","modified":"2026-05-13T07:21:00.000Z","valid_from":"2026-05-13T07:21:00.000Z","name":"e-stat.cn-web-tg.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.cn-web-tg.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054462055852466267"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--626226e6-50a7-5cc4-9c82-90763455d7c0","created":"2026-05-13T07:21:00.000Z","modified":"2026-05-13T07:21:00.000Z","valid_from":"2026-05-13T07:21:00.000Z","name":"https://e-stat.cn-web-tg.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.cn-web-tg.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054462055852466267"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6fee105-b3d9-5d2a-9934-869c1d1ea67c","created":"2026-05-13T07:21:00.000Z","modified":"2026-05-13T07:21:00.000Z","valid_from":"2026-05-13T07:21:00.000Z","name":"e-stat.online-k1.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.online-k1.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054462055852466267"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d266919a-9259-53ef-9e3d-29f667c7be7d","created":"2026-05-13T07:21:00.000Z","modified":"2026-05-13T07:21:00.000Z","valid_from":"2026-05-13T07:21:00.000Z","name":"https://e-stat.online-k1.com/oo6z309q","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.online-k1.com/oo6z309q']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054462055852466267"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c748a5d-7c6a-5516-8243-9de1ba6d42fd","created":"2026-05-13T07:27:00.000Z","modified":"2026-05-13T07:27:00.000Z","valid_from":"2026-05-13T07:27:00.000Z","name":"e-stat.zp12362.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'e-stat.zp12362.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054463514417451467"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8eeedde-4e1b-55ac-a133-2f849c68146e","created":"2026-05-13T07:27:00.000Z","modified":"2026-05-13T07:27:00.000Z","valid_from":"2026-05-13T07:27:00.000Z","name":"https://e-stat.zp12362.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://e-stat.zp12362.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054463514417451467"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f4e30cc-809e-54b8-ac4c-6a29653156c0","created":"2026-05-13T07:36:00.000Z","modified":"2026-05-13T07:36:00.000Z","valid_from":"2026-05-13T07:36:00.000Z","name":"http://github.com/ud-7-te","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://github.com/ud-7-te']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054465875894472721"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--045911c9-d7bf-5852-942a-f5a90d093a27","created":"2026-05-13T07:36:00.000Z","modified":"2026-05-13T07:36:00.000Z","valid_from":"2026-05-13T07:36:00.000Z","name":"http://github.com/d7-te","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://github.com/d7-te']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054465875894472721"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6da7ae95-e59e-553e-b265-6b7a9429987f","created":"2026-05-13T07:36:00.000Z","modified":"2026-05-13T07:36:00.000Z","valid_from":"2026-05-13T07:36:00.000Z","name":"710cf679e48afe00493042c16a74b482","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '710cf679e48afe00493042c16a74b482']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054465875894472721"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--697c2102-6551-5c91-9dd3-459f4613420a","created":"2026-05-13T07:36:00.000Z","modified":"2026-05-13T07:36:00.000Z","valid_from":"2026-05-13T07:36:00.000Z","name":"8eeadec70143f1f24635c690e7809285","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8eeadec70143f1f24635c690e7809285']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2047656208115658987"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd11c81e-9804-5b24-8f92-3745fb0b4b6e","created":"2026-05-13T07:46:00.000Z","modified":"2026-05-13T07:46:00.000Z","valid_from":"2026-05-13T07:46:00.000Z","name":"34.142.2.43","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '34.142.2.43']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054468394850906419"}],"labels":["C2","RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad7d4e38-8106-5c84-8154-54cea7642112","created":"2026-05-13T07:49:00.000Z","modified":"2026-05-13T07:49:00.000Z","valid_from":"2026-05-13T07:49:00.000Z","name":"app-1776040489-oweyma.api-539826ff.workers.dev","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'app-1776040489-oweyma.api-539826ff.workers.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054469006459879433"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--958b0d43-5ccb-5bb2-b15b-8d1f7d518cf3","created":"2026-05-13T07:49:00.000Z","modified":"2026-05-13T07:49:00.000Z","valid_from":"2026-05-13T07:49:00.000Z","name":"http://app-1776040489-oweyma.api-539826ff.workers.dev","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://app-1776040489-oweyma.api-539826ff.workers.dev']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054469006459879433"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0499ca76-dde5-57db-91bf-8e8991dd401a","created":"2026-05-13T07:49:00.000Z","modified":"2026-05-13T07:49:00.000Z","valid_from":"2026-05-13T07:49:00.000Z","name":"8aadebc4fb43fb6cf3d81d5aa35eb479b9f38087d7f5fcd8f5767535dc548859","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8aadebc4fb43fb6cf3d81d5aa35eb479b9f38087d7f5fcd8f5767535dc548859']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054469006459879433"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6baffbac-7606-527f-95b8-a9a44012ca84","created":"2026-05-13T08:00:00.000Z","modified":"2026-05-13T08:00:00.000Z","valid_from":"2026-05-13T08:00:00.000Z","name":"paypal-signin.blogspot.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'paypal-signin.blogspot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054471755540890014"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cec6faca-9537-53e4-b688-a694213449a3","created":"2026-05-13T08:00:00.000Z","modified":"2026-05-13T08:00:00.000Z","valid_from":"2026-05-13T08:00:00.000Z","name":"http://www.paypal-signin.blogspot.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://www.paypal-signin.blogspot.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054471755540890014"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb23a78f-21f0-5f04-9679-0fcb2a1af631","created":"2026-05-13T08:00:00.000Z","modified":"2026-05-13T08:00:00.000Z","valid_from":"2026-05-13T08:00:00.000Z","name":"lanotive.z16.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'lanotive.z16.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054471944079339856"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6d3bb538-d099-5b12-90b0-afe7033ba2b6","created":"2026-05-13T08:00:00.000Z","modified":"2026-05-13T08:00:00.000Z","valid_from":"2026-05-13T08:00:00.000Z","name":"https://lanotive.z16.web.core.windows.net","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://lanotive.z16.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054471944079339856"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--702ddb4f-04fb-5f54-9c40-2707cb3841df","created":"2026-05-13T08:05:00.000Z","modified":"2026-05-13T08:05:00.000Z","valid_from":"2026-05-13T08:05:00.000Z","name":"sixtysixrealestate.com","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sixtysixrealestate.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2054472984606486958"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6ff5ac5-593f-57d1-8bb3-0d6a2d3fef4d","created":"2026-05-13T08:05:00.000Z","modified":"2026-05-13T08:05:00.000Z","valid_from":"2026-05-13T08:05:00.000Z","name":"https://sixtysixrealestate.com/wp-admin/maint/sophomore/?bfx=AkLwe12026-05-13","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sixtysixrealestate.com/wp-admin/maint/sophomore/?bfx=AkLwe12026-05-13']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2054472984606486958"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a70fb165-e254-5e33-8104-741b8594ff3e","created":"2026-05-13T08:05:00.000Z","modified":"2026-05-13T08:05:00.000Z","valid_from":"2026-05-13T08:05:00.000Z","name":"https://sixtysixrealestate.com/wp-admin/maint/sophomore/?Eey=cWJvT02026-05-07","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sixtysixrealestate.com/wp-admin/maint/sophomore/?Eey=cWJvT02026-05-07']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2054472984606486958"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d650c19-9349-580d-aa8e-872346fc0e2c","created":"2026-05-13T08:05:00.000Z","modified":"2026-05-13T08:05:00.000Z","valid_from":"2026-05-13T08:05:00.000Z","name":"a609fb6d4924595384e1459bd5935d295c7e559282d3d9ec31baf9bd59e39525","description":"IOC reported by @byrne_emmy12099 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'a609fb6d4924595384e1459bd5935d295c7e559282d3d9ec31baf9bd59e39525']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/byrne_emmy12099/status/2054472984606486958"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d54e9a2-624b-5bb8-9b3f-c66ffd6d1c25","created":"2026-05-13T08:30:00.000Z","modified":"2026-05-13T08:30:00.000Z","valid_from":"2026-05-13T08:30:00.000Z","name":"78.17.41.10","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '78.17.41.10']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054479449056596078"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--34223158-d317-5d2c-9952-d59dd203cb60","created":"2026-05-13T08:53:00.000Z","modified":"2026-05-13T08:53:00.000Z","valid_from":"2026-05-13T08:53:00.000Z","name":"e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c","description":"IOC reported by @GGtld on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e6c60ca4f996b209bbaf7429182d7ed76acf761bb9c1de63486fcb76635fa58c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/GGtld/status/2054485228077355101"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a3ddf02f-e9a6-5cd6-8e66-d88d40dcd97a","created":"2026-05-13T08:53:00.000Z","modified":"2026-05-13T08:53:00.000Z","valid_from":"2026-05-13T08:53:00.000Z","name":"80.97.160.51","description":"IOC reported by @GGtld on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '80.97.160.51']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/GGtld/status/2054485214399754371"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c66da211-6d51-5193-980e-f8f9a3230506","created":"2026-05-13T09:18:00.000Z","modified":"2026-05-13T09:18:00.000Z","valid_from":"2026-05-13T09:18:00.000Z","name":"0e78b6737119a3141e466464ee2748eb84a61750958d0cb5824febbdadd875be","description":"IOC reported by @v12sec on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '0e78b6737119a3141e466464ee2748eb84a61750958d0cb5824febbdadd875be']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/v12sec/status/2053221862608445645"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c5274f6-a41c-5ad8-8633-a728c257b75b","created":"2026-05-13T09:24:00.000Z","modified":"2026-05-13T09:24:00.000Z","valid_from":"2026-05-13T09:24:00.000Z","name":"http://103.187.4.61","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://103.187.4.61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054492929163657234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--aacd632c-b06c-5cb4-833f-fa0589203901","created":"2026-05-13T09:24:00.000Z","modified":"2026-05-13T09:24:00.000Z","valid_from":"2026-05-13T09:24:00.000Z","name":"103.187.4.61","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '103.187.4.61']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054492929163657234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8120dd55-13bc-59a1-81cc-28e96dce1801","created":"2026-05-13T09:24:00.000Z","modified":"2026-05-13T09:24:00.000Z","valid_from":"2026-05-13T09:24:00.000Z","name":"0e57107c60632e756ab1684777842170","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '0e57107c60632e756ab1684777842170']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054492929163657234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0593a08-4c05-5a05-9b10-44584c27b7a3","created":"2026-05-13T09:24:00.000Z","modified":"2026-05-13T09:24:00.000Z","valid_from":"2026-05-13T09:24:00.000Z","name":"f4b35de8b2442f2f20bcaa6250e8aae3","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = 'f4b35de8b2442f2f20bcaa6250e8aae3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054492929163657234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d08faf9-7659-5e8c-92f1-fdb1181a7d5d","created":"2026-05-13T09:24:00.000Z","modified":"2026-05-13T09:24:00.000Z","valid_from":"2026-05-13T09:24:00.000Z","name":"97e5b28bd19ff01aaa24cb7b1bae135c","description":"IOC reported by @suyog41 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '97e5b28bd19ff01aaa24cb7b1bae135c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/suyog41/status/2054492929163657234"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb25473e-fe0f-581a-9c7f-cf97790e1b9f","created":"2026-05-13T09:35:00.000Z","modified":"2026-05-13T09:35:00.000Z","valid_from":"2026-05-13T09:35:00.000Z","name":"xwjyzxf-jp77.icu","description":"IOC reported by @_tdatwja on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xwjyzxf-jp77.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/_tdatwja/status/2054495725900480924"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0fd7b21-6fb9-5799-9460-9393e984554e","created":"2026-05-13T09:35:00.000Z","modified":"2026-05-13T09:35:00.000Z","valid_from":"2026-05-13T09:35:00.000Z","name":"http://xwjyzxf-jp77.icu","description":"IOC reported by @_tdatwja on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xwjyzxf-jp77.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/_tdatwja/status/2054495725900480924"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a8c4220-37d8-5fe2-861f-fad340ef010f","created":"2026-05-13T09:35:00.000Z","modified":"2026-05-13T09:35:00.000Z","valid_from":"2026-05-13T09:35:00.000Z","name":"4926590d8ced37f434d47d4a27ad1444","description":"IOC reported by @_tdatwja on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '4926590d8ced37f434d47d4a27ad1444']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/_tdatwja/status/2054495725900480924"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f60ebad-45f1-5cd4-82db-064b582be537","created":"2026-05-13T09:35:00.000Z","modified":"2026-05-13T09:35:00.000Z","valid_from":"2026-05-13T09:35:00.000Z","name":"0a1fd68a1fbab226ed926977f89df6621713aac36da7ee076a30db99d8be4c5c","description":"IOC reported by @_tdatwja on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '0a1fd68a1fbab226ed926977f89df6621713aac36da7ee076a30db99d8be4c5c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/_tdatwja/status/2054495725900480924"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a7bd414-1b3a-5ad6-b367-2f1b7785bf46","created":"2026-05-13T09:56:00.000Z","modified":"2026-05-13T09:56:00.000Z","valid_from":"2026-05-13T09:56:00.000Z","name":"pexaro.vu","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pexaro.vu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2054500930129907753"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af2bb779-aa2b-57e6-9f5e-110d2e06724f","created":"2026-05-13T09:56:00.000Z","modified":"2026-05-13T09:56:00.000Z","valid_from":"2026-05-13T09:56:00.000Z","name":"https://pexaro.vu/nja/index.html","description":"IOC reported by @Priv8Shops on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://pexaro.vu/nja/index.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Priv8Shops/status/2054500930129907753"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--655f0ada-0a2e-5a6b-bac3-4fea38241330","created":"2026-05-13T10:00:00.000Z","modified":"2026-05-13T10:00:00.000Z","valid_from":"2026-05-13T10:00:00.000Z","name":"upohold-logiinus.godaddysites.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'upohold-logiinus.godaddysites.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054501957050491130"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49e2daa3-2475-58b9-810a-050ecbb896fe","created":"2026-05-13T10:00:00.000Z","modified":"2026-05-13T10:00:00.000Z","valid_from":"2026-05-13T10:00:00.000Z","name":"https://upohold-logiinus.godaddysites.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://upohold-logiinus.godaddysites.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054501957050491130"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ef3425ed-e8d5-59db-9f37-36cce4da0ddd","created":"2026-05-13T10:40:00.000Z","modified":"2026-05-13T10:40:00.000Z","valid_from":"2026-05-13T10:40:00.000Z","name":"http://151.80.169.178","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://151.80.169.178']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054512062781378663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cb50a4ff-0d71-584f-9042-97605a4a002f","created":"2026-05-13T10:40:00.000Z","modified":"2026-05-13T10:40:00.000Z","valid_from":"2026-05-13T10:40:00.000Z","name":"151.80.169.178","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '151.80.169.178']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054512062781378663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--82ce4f6d-5239-5ba2-ba78-93f364634aa5","created":"2026-05-13T10:40:00.000Z","modified":"2026-05-13T10:40:00.000Z","valid_from":"2026-05-13T10:40:00.000Z","name":"e2d282627a232e4f6231c8ff0108a08b4e40c14104199d78a9e7e08ff377f248","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'e2d282627a232e4f6231c8ff0108a08b4e40c14104199d78a9e7e08ff377f248']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054512062781378663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0471370e-5ec9-5544-8b80-b8e41107dabd","created":"2026-05-13T10:40:00.000Z","modified":"2026-05-13T10:40:00.000Z","valid_from":"2026-05-13T10:40:00.000Z","name":"098be7f80aa90d2fcdd2996d8d4126f7a7fb759d429cc9f6327c9bdd48afc1b8","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '098be7f80aa90d2fcdd2996d8d4126f7a7fb759d429cc9f6327c9bdd48afc1b8']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054512062781378663"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9fcad5ab-b2f4-5dea-a7e9-5306722d15a4","created":"2026-05-13T10:44:00.000Z","modified":"2026-05-13T10:44:00.000Z","valid_from":"2026-05-13T10:44:00.000Z","name":"www11811wwqdqq-1387243555.cos.ap-hongkong.myqcloud.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'www11811wwqdqq-1387243555.cos.ap-hongkong.myqcloud.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054513108031316006"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e0a691bb-92a8-5194-8a2c-8243f386b230","created":"2026-05-13T10:44:00.000Z","modified":"2026-05-13T10:44:00.000Z","valid_from":"2026-05-13T10:44:00.000Z","name":"http://www11811wwqdqq-1387243555.cos.ap-hongkong.myqcloud.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://www11811wwqdqq-1387243555.cos.ap-hongkong.myqcloud.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054513108031316006"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a99a7089-ef2d-5de2-b778-9f42bc849d9d","created":"2026-05-13T10:44:00.000Z","modified":"2026-05-13T10:44:00.000Z","valid_from":"2026-05-13T10:44:00.000Z","name":"http://8.218.252.45","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://8.218.252.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054513108031316006"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--54d84a8a-b2b5-5812-ab76-badef0695c5a","created":"2026-05-13T10:44:00.000Z","modified":"2026-05-13T10:44:00.000Z","valid_from":"2026-05-13T10:44:00.000Z","name":"8.218.252.45","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '8.218.252.45']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054513108031316006"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--32effdbf-c1dc-5c4e-aeca-2e1ae9b42c00","created":"2026-05-13T10:44:00.000Z","modified":"2026-05-13T10:44:00.000Z","valid_from":"2026-05-13T10:44:00.000Z","name":"d5b10a827a2811d516cf6e0d601eb9d7354d37b7d7e5791aceb0227482f3227a","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd5b10a827a2811d516cf6e0d601eb9d7354d37b7d7e5791aceb0227482f3227a']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054513108031316006"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6cf55e3-4ebc-53f5-8fb3-ae1e361491f3","created":"2026-05-13T10:48:00.000Z","modified":"2026-05-13T10:48:00.000Z","valid_from":"2026-05-13T10:48:00.000Z","name":"velmorixan67.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'velmorixan67.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054514055537152062"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fc0912f-601b-5bf1-87d7-44c0d085d1f0","created":"2026-05-13T10:48:00.000Z","modified":"2026-05-13T10:48:00.000Z","valid_from":"2026-05-13T10:48:00.000Z","name":"http://velmorixan67.org","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://velmorixan67.org']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054514055537152062"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--bc26d257-abd3-557d-a548-58b4ade08327","created":"2026-05-13T10:48:00.000Z","modified":"2026-05-13T10:48:00.000Z","valid_from":"2026-05-13T10:48:00.000Z","name":"expressupdatedata.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'expressupdatedata.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054514055537152062"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0ff28b6d-c56f-579f-9f04-f4fb9ada35f1","created":"2026-05-13T10:48:00.000Z","modified":"2026-05-13T10:48:00.000Z","valid_from":"2026-05-13T10:48:00.000Z","name":"http://expressupdatedata.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://expressupdatedata.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054514055537152062"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--78d4b2cc-9cf9-5ab9-bc4c-a2ab509c88af","created":"2026-05-13T10:48:00.000Z","modified":"2026-05-13T10:48:00.000Z","valid_from":"2026-05-13T10:48:00.000Z","name":"10ac291868de15712fb32100f25f5c0331fba5e70ef0347b953474d9b153bb81","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '10ac291868de15712fb32100f25f5c0331fba5e70ef0347b953474d9b153bb81']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054514055537152062"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--2c11eab2-dfb6-5928-bdd7-4574fdb2d784","created":"2026-05-13T11:06:00.000Z","modified":"2026-05-13T11:06:00.000Z","valid_from":"2026-05-13T11:06:00.000Z","name":"ifo-jupyter.natter.icu","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ifo-jupyter.natter.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054518692298273011"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c36789c-4bb1-55ab-a9c9-162ea07ef7a5","created":"2026-05-13T11:06:00.000Z","modified":"2026-05-13T11:06:00.000Z","valid_from":"2026-05-13T11:06:00.000Z","name":"https://ifo-jupyter.natter.icu/wp-content/plugins/easy-product-bundle","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ifo-jupyter.natter.icu/wp-content/plugins/easy-product-bundle']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054518692298273011"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a18529c5-533f-5405-90ce-0f64fd926203","created":"2026-05-13T11:06:00.000Z","modified":"2026-05-13T11:06:00.000Z","valid_from":"2026-05-13T11:06:00.000Z","name":"ce1822f4150fb641b445c3b85f990ecbe68bf30ee3ee2cc8e5e92f45d8ae3937","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'ce1822f4150fb641b445c3b85f990ecbe68bf30ee3ee2cc8e5e92f45d8ae3937']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054518692298273011"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4eb2a9e-7a95-5a79-beb0-fc4086d03502","created":"2026-05-13T11:08:00.000Z","modified":"2026-05-13T11:08:00.000Z","valid_from":"2026-05-13T11:08:00.000Z","name":"adaptor-individual-signing-statute.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'adaptor-individual-signing-statute.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054519199704236491"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a87376e8-b1dd-51fa-a65b-e34a6f485031","created":"2026-05-13T11:08:00.000Z","modified":"2026-05-13T11:08:00.000Z","valid_from":"2026-05-13T11:08:00.000Z","name":"https://adaptor-individual-signing-statute.trycloudflare.com","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://adaptor-individual-signing-statute.trycloudflare.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054519199704236491"}],"labels":["opendir"]},{"type":"indicator","spec_version":"2.1","id":"indicator--88b11c03-0475-526f-b2a9-442c839680ba","created":"2026-05-13T11:21:00.000Z","modified":"2026-05-13T11:21:00.000Z","valid_from":"2026-05-13T11:21:00.000Z","name":"kanpyasunfursathemnbashur3498023209.click","description":"IOC reported by @CatcherPhishing on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'kanpyasunfursathemnbashur3498023209.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/CatcherPhishing/status/2054522495672201542"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b8a56bb0-f399-5ad2-aef3-097e04c2ddfe","created":"2026-05-13T11:21:00.000Z","modified":"2026-05-13T11:21:00.000Z","valid_from":"2026-05-13T11:21:00.000Z","name":"https://kanpyasunfursathemnbashur3498023209.click","description":"IOC reported by @CatcherPhishing on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://kanpyasunfursathemnbashur3498023209.click']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/CatcherPhishing/status/2054522495672201542"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--304fab1d-065d-559d-af64-2a14b5d210e3","created":"2026-05-13T11:42:00.000Z","modified":"2026-05-13T11:42:00.000Z","valid_from":"2026-05-13T11:42:00.000Z","name":"freecoinairdrop-two.vercel.app","description":"IOC reported by @CatcherPhishing on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'freecoinairdrop-two.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/CatcherPhishing/status/2054527619958296586"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d16ffe0-7d24-5656-be21-33d9456f089d","created":"2026-05-13T11:42:00.000Z","modified":"2026-05-13T11:42:00.000Z","valid_from":"2026-05-13T11:42:00.000Z","name":"https://freecoinairdrop-two.vercel.app","description":"IOC reported by @CatcherPhishing on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://freecoinairdrop-two.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/CatcherPhishing/status/2054527619958296586"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4c93c9cf-1e37-5368-83b0-3db878286c55","created":"2026-05-13T11:57:00.000Z","modified":"2026-05-13T11:57:00.000Z","valid_from":"2026-05-13T11:57:00.000Z","name":"intechcloudhosting.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'intechcloudhosting.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054531363118710935"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b6c7dd22-4f44-5dba-ba03-2c27febe76b0","created":"2026-05-13T11:57:00.000Z","modified":"2026-05-13T11:57:00.000Z","valid_from":"2026-05-13T11:57:00.000Z","name":"https://intechcloudhosting.com/b/index.php","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://intechcloudhosting.com/b/index.php']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054531363118710935"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3fbcc082-482f-5457-86cb-c77cac4997cf","created":"2026-05-13T11:57:00.000Z","modified":"2026-05-13T11:57:00.000Z","valid_from":"2026-05-13T11:57:00.000Z","name":"whinypaluza.com","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'whinypaluza.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054531363118710935"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--76d8ae05-39de-5c87-8fea-e83d2663b7b6","created":"2026-05-13T11:57:00.000Z","modified":"2026-05-13T11:57:00.000Z","valid_from":"2026-05-13T11:57:00.000Z","name":"https://whinypaluza.com/wp-content/upgrade/ceri/index.html","description":"IOC reported by @JAMESWT_WT on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://whinypaluza.com/wp-content/upgrade/ceri/index.html']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/JAMESWT_WT/status/2054531363118710935"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--900ee29a-40e9-5af4-926a-5e79e2a556b0","created":"2026-05-13T12:00:00.000Z","modified":"2026-05-13T12:00:00.000Z","valid_from":"2026-05-13T12:00:00.000Z","name":"xn--2n1b810a1er8ivvcx0yyhc.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xn--2n1b810a1er8ivvcx0yyhc.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054532153484955991"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7dcc524c-d128-5a94-80df-605b8222957f","created":"2026-05-13T12:00:00.000Z","modified":"2026-05-13T12:00:00.000Z","valid_from":"2026-05-13T12:00:00.000Z","name":"https://xn--2n1b810a1er8ivvcx0yyhc.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://xn--2n1b810a1er8ivvcx0yyhc.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054532153484955991"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3b6c7b03-a711-5e0c-a492-55c85c07e973","created":"2026-05-13T12:23:00.000Z","modified":"2026-05-13T12:23:00.000Z","valid_from":"2026-05-13T12:23:00.000Z","name":"c29t1jqg9qfc16yycas6eq0jyhz.live","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'c29t1jqg9qfc16yycas6eq0jyhz.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054538128493555815"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9b2aa54f-722c-5793-a98f-e75dddc09252","created":"2026-05-13T12:23:00.000Z","modified":"2026-05-13T12:23:00.000Z","valid_from":"2026-05-13T12:23:00.000Z","name":"https://c29t1jqg9qfc16yycas6eq0jyhz.live","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://c29t1jqg9qfc16yycas6eq0jyhz.live']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054538128493555815"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34dc11b9-5120-5e20-9c89-38bc32dd32fb","created":"2026-05-13T12:23:00.000Z","modified":"2026-05-13T12:23:00.000Z","valid_from":"2026-05-13T12:23:00.000Z","name":"9a84358abd65a12ccba385d3ebd4ec6a89c720b29abf31732c479503709d5059","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '9a84358abd65a12ccba385d3ebd4ec6a89c720b29abf31732c479503709d5059']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054538128493555815"}],"labels":["malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58999904-efa0-5fd5-96f9-5370386dc734","created":"2026-05-13T13:06:00.000Z","modified":"2026-05-13T13:06:00.000Z","valid_from":"2026-05-13T13:06:00.000Z","name":"m365.outsystems-usa.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'm365.outsystems-usa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2054548803177607219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fdf8a75-5a86-5cbb-a8bc-910053b23503","created":"2026-05-13T13:06:00.000Z","modified":"2026-05-13T13:06:00.000Z","valid_from":"2026-05-13T13:06:00.000Z","name":"http://m365.outsystems-usa.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://m365.outsystems-usa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2054548803177607219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd24262e-8b12-56ba-bd29-67d5e268c694","created":"2026-05-13T13:06:00.000Z","modified":"2026-05-13T13:06:00.000Z","valid_from":"2026-05-13T13:06:00.000Z","name":"secure.outsystems-usa.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'secure.outsystems-usa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2054548803177607219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0fdf3b1d-ee0f-59ba-826e-49f75ff10149","created":"2026-05-13T13:06:00.000Z","modified":"2026-05-13T13:06:00.000Z","valid_from":"2026-05-13T13:06:00.000Z","name":"http://secure.outsystems-usa.com","description":"IOC reported by @Kb4Threatlabs on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://secure.outsystems-usa.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Kb4Threatlabs/status/2054548803177607219"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b74b59e4-2bf4-5882-b22f-0afc7d7948f4","created":"2026-05-13T13:18:00.000Z","modified":"2026-05-13T13:18:00.000Z","valid_from":"2026-05-13T13:18:00.000Z","name":"jp-postbank.nmbcv.com","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'jp-postbank.nmbcv.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054551753295835210"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9896e702-53dc-553e-abaf-4360ab01fe13","created":"2026-05-13T13:18:00.000Z","modified":"2026-05-13T13:18:00.000Z","valid_from":"2026-05-13T13:18:00.000Z","name":"https://jp-postbank.nmbcv.com/eFtDCclH","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://jp-postbank.nmbcv.com/eFtDCclH']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054551753295835210"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1fc6dd45-2a03-5166-b1b2-6c5b30aa7e3f","created":"2026-05-13T13:18:00.000Z","modified":"2026-05-13T13:18:00.000Z","valid_from":"2026-05-13T13:18:00.000Z","name":"195.86.16.149","description":"IOC reported by @harugasumi on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '195.86.16.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/harugasumi/status/2054551753295835210"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ffa8afd3-665b-59a8-ad59-0f97f6898c70","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"https://xwjyzxf-jp77.icu","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://xwjyzxf-jp77.icu']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553783603220488"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c6592152-daea-5276-9c62-38a538aa4d34","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"http://38.76.199.112/Check.zip","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.76.199.112/Check.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553788883849289"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9de36f97-dc30-5a0b-89cb-f35914db182f","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"38.76.199.112","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '38.76.199.112']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553788883849289"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d5e4215-dbfe-5c51-890e-57f1346d966f","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"8b7ca9f2836e43a5655dafcf5cb8e580e091b341db66d0896a816c96a52aa60c","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8b7ca9f2836e43a5655dafcf5cb8e580e091b341db66d0896a816c96a52aa60c']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553788883849289"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cd7d694-7181-5710-a4dc-f4f3a27cf39d","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"Check.zip","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'Check.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553790507073915"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc397f9a-98e3-578c-b406-2e8985dbc254","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"http://Check.zip","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://Check.zip']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553790507073915"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--5a5c6400-70ef-5524-a35f-0466a25efb54","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"http://38.76.199.112:28888","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://38.76.199.112:28888']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553790507073915"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--3385cb88-5f42-5957-b4d0-098bd42de60a","created":"2026-05-13T13:26:00.000Z","modified":"2026-05-13T13:26:00.000Z","valid_from":"2026-05-13T13:26:00.000Z","name":"c0c21b0cacc2aed672764d322e2e15ea6dd95dfd06126d0266354a1ecbb1f1b3","description":"IOC reported by @bomccss on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'c0c21b0cacc2aed672764d322e2e15ea6dd95dfd06126d0266354a1ecbb1f1b3']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/bomccss/status/2054553790507073915"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--08988aac-ecab-5ac0-a1c3-2b486621c25b","created":"2026-05-13T14:00:00.000Z","modified":"2026-05-13T14:00:00.000Z","valid_from":"2026-05-13T14:00:00.000Z","name":"secure-univ-antilles-fr.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'secure-univ-antilles-fr.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054562352188530786"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b851917b-96ce-51ea-bdbc-578831c60192","created":"2026-05-13T14:00:00.000Z","modified":"2026-05-13T14:00:00.000Z","valid_from":"2026-05-13T14:00:00.000Z","name":"https://secure-univ-antilles-fr.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://secure-univ-antilles-fr.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054562352188530786"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2345009-9ab3-5b21-a491-7d4686da2816","created":"2026-05-13T14:09:00.000Z","modified":"2026-05-13T14:09:00.000Z","valid_from":"2026-05-13T14:09:00.000Z","name":"162.214.153.83","description":"IOC reported by @PhishStats on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '162.214.153.83']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/PhishStats/status/2054564585428935062"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d305968f-c546-5d31-a44e-f15d1252f6ef","created":"2026-05-13T15:03:00.000Z","modified":"2026-05-13T15:03:00.000Z","valid_from":"2026-05-13T15:03:00.000Z","name":"dinewithuss.de","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dinewithuss.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2054578232599494954"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a00b8ecc-3e72-5b92-9719-4908a2d5c862","created":"2026-05-13T15:03:00.000Z","modified":"2026-05-13T15:03:00.000Z","valid_from":"2026-05-13T15:03:00.000Z","name":"http://dinewithuss.de","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://dinewithuss.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2054578232599494954"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2a57ebd1-5da1-539f-b0df-1b7c0051d87c","created":"2026-05-13T15:03:00.000Z","modified":"2026-05-13T15:03:00.000Z","valid_from":"2026-05-13T15:03:00.000Z","name":"http://130.12.180.40","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://130.12.180.40']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2054578232599494954"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b67e185e-944c-5fd4-8074-ccc40ecdf713","created":"2026-05-13T15:03:00.000Z","modified":"2026-05-13T15:03:00.000Z","valid_from":"2026-05-13T15:03:00.000Z","name":"invltecirclle.de","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'invltecirclle.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2054578232599494954"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--926820b5-c506-5c04-afe4-8ad07cf2b16b","created":"2026-05-13T15:03:00.000Z","modified":"2026-05-13T15:03:00.000Z","valid_from":"2026-05-13T15:03:00.000Z","name":"http://invltecirclle.de","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://invltecirclle.de']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2054578232599494954"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f697d05d-6886-5d3e-bf54-1a5a2c0afaf6","created":"2026-05-13T15:03:00.000Z","modified":"2026-05-13T15:03:00.000Z","valid_from":"2026-05-13T15:03:00.000Z","name":"130.12.180.40","description":"IOC reported by @naumovax on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '130.12.180.40']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/naumovax/status/2054578232599494954"}],"labels":["RAT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--523710e9-5b70-565c-942e-f1a66d45436e","created":"2026-05-13T15:22:00.000Z","modified":"2026-05-13T15:22:00.000Z","valid_from":"2026-05-13T15:22:00.000Z","name":"firstcitizensecure.vercel.app","description":"IOC reported by @Alopsis on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'firstcitizensecure.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Alopsis/status/2054583063275802835"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e39ea420-1110-5f2c-ac40-c78ae9eb73ea","created":"2026-05-13T15:22:00.000Z","modified":"2026-05-13T15:22:00.000Z","valid_from":"2026-05-13T15:22:00.000Z","name":"https://firstcitizensecure.vercel.app","description":"IOC reported by @Alopsis on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://firstcitizensecure.vercel.app']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Alopsis/status/2054583063275802835"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--12417d75-2781-5e4b-a157-36507e28eed5","created":"2026-05-13T15:29:00.000Z","modified":"2026-05-13T15:29:00.000Z","valid_from":"2026-05-13T15:29:00.000Z","name":"driect-jabnnka-c.com","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'driect-jabnnka-c.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2054584727152345109"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a67b4ca5-4062-5243-895b-f87a5881e9e4","created":"2026-05-13T15:29:00.000Z","modified":"2026-05-13T15:29:00.000Z","valid_from":"2026-05-13T15:29:00.000Z","name":"https://driect-jabnnka-c.com","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://driect-jabnnka-c.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2054584727152345109"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--487d0c69-b737-5b39-913c-147af59d1070","created":"2026-05-13T15:29:00.000Z","modified":"2026-05-13T15:29:00.000Z","valid_from":"2026-05-13T15:29:00.000Z","name":"137.220.152.149","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '137.220.152.149']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2054584727152345109"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aaf205d3-8184-5628-aca7-e93250bc6dc0","created":"2026-05-13T15:34:00.000Z","modified":"2026-05-13T15:34:00.000Z","valid_from":"2026-05-13T15:34:00.000Z","name":"97361a91ba80981ca549ed19b2e2b9250fed6231027cd15418578b3db76b02ab","description":"IOC reported by @smica83 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '97361a91ba80981ca549ed19b2e2b9250fed6231027cd15418578b3db76b02ab']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/smica83/status/2054586126854181101"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--9e5bf101-8ca6-5fc2-afc2-8ddffb316ec0","created":"2026-05-13T16:00:00.000Z","modified":"2026-05-13T16:00:00.000Z","valid_from":"2026-05-13T16:00:00.000Z","name":"postnbgf.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'postnbgf.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054592548891508962"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--caed4fd6-0764-577e-9e8e-42f4fba22a0b","created":"2026-05-13T16:00:00.000Z","modified":"2026-05-13T16:00:00.000Z","valid_from":"2026-05-13T16:00:00.000Z","name":"https://postnbgf.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://postnbgf.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054592548891508962"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e96f6fd1-a07d-50d0-a760-f9291277ab94","created":"2026-05-13T16:20:00.000Z","modified":"2026-05-13T16:20:00.000Z","valid_from":"2026-05-13T16:20:00.000Z","name":"mem.calcuttaswimmingclub.com","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mem.calcuttaswimmingclub.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2054597569158750658"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d15352cd-2491-5d50-9ef1-de2c316bfc07","created":"2026-05-13T16:20:00.000Z","modified":"2026-05-13T16:20:00.000Z","valid_from":"2026-05-13T16:20:00.000Z","name":"https://mem.calcuttaswimmingclub.com/it/pagopa/log/msdpweb/","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mem.calcuttaswimmingclub.com/it/pagopa/log/msdpweb/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2054597569158750658"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b69744db-f94f-5ddf-a8ba-ca5b91a0c08b","created":"2026-05-13T18:00:00.000Z","modified":"2026-05-13T18:00:00.000Z","valid_from":"2026-05-13T18:00:00.000Z","name":"btnnthdtrhbhtrhcfgtrhchtr.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'btnnthdtrhbhtrhcfgtrhchtr.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054622744579318032"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37ad6368-0bf8-55b1-8a48-5a230aace73c","created":"2026-05-13T18:00:00.000Z","modified":"2026-05-13T18:00:00.000Z","valid_from":"2026-05-13T18:00:00.000Z","name":"https://btnnthdtrhbhtrhcfgtrhchtr.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://btnnthdtrhbhtrhcfgtrhchtr.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054622744579318032"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b395b8a9-c8f1-572c-85df-597008bbee9f","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"docinfo.ndocline-st51s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'docinfo.ndocline-st51s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--08e68c70-6c4a-53c1-981e-55e8c9179ea4","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://docinfo.ndocline-st51s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://docinfo.ndocline-st51s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6aca2c5e-08f5-5328-b13d-0e0c35cf4fff","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"reverifyblogmid0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'reverifyblogmid0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9001fd97-9e46-542b-86d9-fca24be63abe","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://reverifyblogmid0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://reverifyblogmid0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e5052c67-d683-5992-a2af-1eac62cb755a","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"uhmymkd.reverifyblogmid0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'uhmymkd.reverifyblogmid0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cfa0bcb-f28e-5ac7-9117-dfb82c630d61","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://uhmymkd.reverifyblogmid0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://uhmymkd.reverifyblogmid0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05265a15-e5a4-5691-8bec-c1e6eab69a86","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"naveblogedit33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'naveblogedit33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--13bdfc0c-e6ae-5597-bd12-5cb2088ddfea","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://naveblogedit33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://naveblogedit33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8fb020ec-eb14-5e41-9004-cd29bb19df70","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"qxnhdalc.naveblogedit33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'qxnhdalc.naveblogedit33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d0fa27b-b79f-57cd-8e0f-198dbeeecb22","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://qxnhdalc.naveblogedit33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://qxnhdalc.naveblogedit33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f11a28e-35b2-58d4-8f42-3fc2b2da5e6a","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"reverifyblogmid19s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'reverifyblogmid19s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02cf609a-92d6-564f-aaf2-d7e9a1376975","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://reverifyblogmid19s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://reverifyblogmid19s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39d42c90-9af1-5fad-b153-3815aad19ccc","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"mhjwsf.reverifyblogmid19s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mhjwsf.reverifyblogmid19s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cf0c6b3b-e78b-55b4-8ee4-7945d79f44e0","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://mhjwsf.reverifyblogmid19s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mhjwsf.reverifyblogmid19s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054629278256345117"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46d62100-5bc6-5a25-8ef4-45b22f17ddd3","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"nid-navertca.servehalflife.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-navertca.servehalflife.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2054622720541987055"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f19c293a-6de2-5e6c-853f-2cda8ed4149e","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://nid-navertca.servehalflife.com","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-navertca.servehalflife.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2054622720541987055"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5fb6d949-690e-570f-9326-f47d4e3ea1f8","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"http://27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2054622720541987055"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c41e64fd-bb60-5e1c-a8ea-f62b098b645e","created":"2026-05-13T18:26:00.000Z","modified":"2026-05-13T18:26:00.000Z","valid_from":"2026-05-13T18:26:00.000Z","name":"27.102.137.150","description":"IOC reported by @phatomcandle on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '27.102.137.150']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/phatomcandle/status/2054622720541987055"}],"labels":["APT","C2","Kimsuky","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50535afb-442a-5444-8033-4bb69b2fc3b5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"tpx2ee.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tpx2ee.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2568cd95-b7d1-58a3-8333-b77ca29f2716","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://tpx2ee.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tpx2ee.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8a64e274-6798-570f-b694-266757288958","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.tpx2ee.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.tpx2ee.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e8f065a-4329-5d8e-b905-7de6d4b1b18d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.tpx2ee.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.tpx2ee.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ca1372a-adc1-519b-8267-292de844c34d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntpo14ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntpo14ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a357228a-157d-506a-8a4b-016e6237f9b6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntpo14ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntpo14ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ff5b0a3-9860-55a6-abbf-533829115562","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-login.ntpo14ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.ntpo14ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f43b583b-e1ea-585c-af60-42e886208153","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-login.ntpo14ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.ntpo14ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e5714ce-8df0-5112-aab8-42a8669d4120","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntpo13ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntpo13ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31d1221d-eacb-569c-ab58-d0533b4e2ccb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntpo13ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntpo13ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be54bddf-569f-581d-9a23-b0198fe6f4a7","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.ntpo13ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.ntpo13ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8ba03bfb-0807-5661-8e53-6944ad70f5ed","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.ntpo13ke.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.ntpo13ke.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--97f2ed93-7ad2-508f-879d-07bb74dfb256","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"htr33ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'htr33ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1684fcd1-e145-501b-a5b1-76a70f8f8849","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://htr33ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://htr33ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45ea2ca0-28ef-5079-bd06-f53e1086b5be","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.htr33ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.htr33ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f3d6fdc0-478e-5eec-803d-844e6949737f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.htr33ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.htr33ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fedf4c82-0587-5cd5-a731-dcd431ac4e89","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"opt38ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'opt38ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c8efa4d-31f6-509c-b495-195e4a8c0af9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://opt38ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://opt38ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0936daeb-e3a5-5f39-82d5-682b4b91909a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.opt38ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.opt38ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--93684044-f885-5eca-9061-6041869fc324","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.opt38ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.opt38ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--affb609b-ad0f-5a94-8202-0d035a0ba005","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"itx6ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'itx6ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7cbbec75-72ac-5e6a-b77c-606412567a9b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://itx6ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://itx6ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac840956-315f-5fd4-9331-55fd5417814a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.itx6ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.itx6ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c07fc6a2-e880-51e0-9e90-e52ea654a56b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.itx6ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.itx6ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--202984e9-d900-5cec-9aae-e5f9ab22168a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"itx4ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'itx4ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cc113f07-db63-56f1-a4b6-1e590af30d0f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://itx4ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://itx4ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--797780ce-2032-5a0c-988e-ad6abe9577b5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"otx3ntp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'otx3ntp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--28b116a0-7229-5d47-b11b-6411b8fd56b4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://otx3ntp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://otx3ntp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f47d790-cfad-5d33-af36-2e8403d61feb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"opt39ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'opt39ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78f8afe5-8c12-5cd8-938e-5bff1a356018","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://opt39ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://opt39ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--230890ae-b476-57d7-a183-70fddb9ccfca","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.opt39ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.opt39ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8943b9a-c045-54e2-8894-3698c2bbc487","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.opt39ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.opt39ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2d2f3a8-db42-5a92-be6b-09845415bf0a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"otx19ntp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'otx19ntp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c2f2e90b-c4de-53f5-bb61-7ad69b96ed67","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://otx19ntp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://otx19ntp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--72f095fe-2394-557f-b316-ed6cf86751c5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"htr7edc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'htr7edc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f81d08b-e742-5554-bd15-a6a635df4ced","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://htr7edc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://htr7edc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59f531d9-dc2c-52bc-b972-8af9fa230821","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-login.htr7edc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.htr7edc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f6f9cb1-5c68-5760-998d-13b69a0df46d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-login.htr7edc.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.htr7edc.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e12eb644-51bd-5edb-aa56-74f09bcab31e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"opt36ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'opt36ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--df539b36-9bc1-5a5f-817f-e3a72a4dcd46","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://opt36ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://opt36ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0046bde3-3de4-5b97-93da-cafcc98a9d6d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.opt36ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.opt36ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39d49e03-f6ab-59f2-b379-1b02f46c20b5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.opt36ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.opt36ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1aa179fd-50b2-53e0-bcac-42add4e21862","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--87557fb9-6725-50fc-8609-bc5ecfe30a29","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054631705630359914"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--af69701a-d8f2-5a01-a3b6-5c489c2d660f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--37c92d7d-9e3c-5575-8929-ed95dd813526","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.opt5ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.opt5ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8c02807a-aff5-5e3b-aa4f-cb1165d79280","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f3cabee-58b3-53b9-8a9f-5cb029ce0b72","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0110313f-ae73-5dab-8b74-5ef4027ef5cb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--23454d60-4d49-5fc6-96a8-7e4d8194afa4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.opt17ntesx.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.opt17ntesx.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ab1e0c4-ad38-5ac8-b571-9091b018fc0d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"htr6ies.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'htr6ies.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2562798-1932-5491-a5cb-57b43c4a36be","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://htr6ies.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://htr6ies.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f083480a-7ce6-5b58-a1ad-5c1e26b9d61e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"htr19ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'htr19ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--840fd5bb-afa3-5fd7-a237-7b2cd3cdcbeb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://htr19ies.dynuddns.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://htr19ies.dynuddns.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--05c543f0-1af0-5ee5-8876-1c18f24e9645","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--716fba16-d20a-5e82-a7e2-a6703d67dd0b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--587c4695-fc55-5f58-960e-b41e64067062","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-login.itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--19a53879-d52e-5faf-8256-bd16d828aeac","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-login.itx26ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.itx26ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf4ce767-90dc-5857-99cb-4c2b529160ce","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--961c11cb-fbf8-5fce-9d3b-c3c6c7a8d72e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f7ce43d9-3f8a-5b25-b62b-9aac5570b107","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--da0ea29b-61cf-5517-b71c-d8770e5f28b4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.trx16nts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.trx16nts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a4f903a-4c4d-5813-bbda-b18354386839","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"tpx11sdoc.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tpx11sdoc.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3aed6ea-6438-55da-a742-0fe09ec8a14f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://tpx11sdoc.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tpx11sdoc.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--235c596c-05b9-595f-86fa-9d51a0ac8ee7","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.tpx11sdoc.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.tpx11sdoc.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52417c44-75d8-5eca-9bf3-dd6dd1bea454","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.tpx11sdoc.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.tpx11sdoc.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3281d5a-d278-58a6-ba2e-08a93d7b9fe6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"txis3eo.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'txis3eo.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a030a460-25c8-5a8a-a0f1-2f1c53002bcb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://txis3eo.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://txis3eo.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--52c72774-7836-525f-a570-b1cd008d660c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nts19pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nts19pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--98b89c71-f3cd-5d15-9dfa-dc987d4ceede","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nts19pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nts19pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a21a6b2f-527d-5b3c-abff-4fb6c867191d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nav-logins.nts19pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nav-logins.nts19pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2b00fa0a-5b19-53d5-bdf4-9b578368e9c5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nav-logins.nts19pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nav-logins.nts19pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7fcc8d6a-2d21-5ea2-b245-342c4bb02472","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"mois11ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois11ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67462219-58c8-50d4-95f1-7fd6128d9d0c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://mois11ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois11ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--457183ec-46f4-5898-a464-318cfa6eff3c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.mois11ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.mois11ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--610bb3cb-0b08-52bb-9297-4efbaad537c8","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.mois11ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.mois11ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b2cd7cea-3669-560f-a098-37d567b50570","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"pntxes18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pntxes18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae5cc4c4-5116-5e10-a5f6-bc5f6e9667c7","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://pntxes18s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pntxes18s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2babdc92-c565-55d2-8b12-208d9ef78a83","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"itxa16ns.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'itxa16ns.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36cad630-f6db-53cc-a478-5176ff2180d2","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://itxa16ns.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://itxa16ns.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--99f75d8c-6c59-5b81-bd5f-98d4c7f044b5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nts9pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nts9pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--71a28e7b-e317-5969-8b6d-1d0b3845e20e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nts9pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nts9pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63388418-d77f-5067-8950-7f18cc61cdcc","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"itx8ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'itx8ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7009e7a2-eb0e-5093-bebc-27bc3c371a7d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://itx8ps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://itx8ps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--856798d1-532f-55be-986d-2b630326fd73","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68e9e894-290a-58ad-9eaf-c6df43d9bb9d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b098b2c7-419e-541f-93e8-98a121a1f54f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d798e74-c5f1-5c35-969a-45edf9eb9382","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.tois5ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.tois5ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bd4908d2-6940-55d2-9de4-f1def7b8b142","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"tpe5ie.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tpe5ie.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--65153266-9000-5c19-8bf5-5b63c65e19c2","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://tpe5ie.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tpe5ie.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--49ad5ed5-09d4-5b91-b724-44daa486be33","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"tois15ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'tois15ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c378aae7-08e6-538f-b47a-2eef46f070c7","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://tois15ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://tois15ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cfc6335-4e2e-582c-83c4-3bf8bbbccbcb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"xto14ic.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xto14ic.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--69d9ce71-010f-5f41-a2a8-c4d5d286d1bb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://xto14ic.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xto14ic.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9bb0ffff-10fb-54ad-bdf6-10e235c49550","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntx10sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntx10sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42c60311-0c3a-5acd-ac16-e51034552280","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntx10sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntx10sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6840f72f-b425-53ca-b4f0-07c1f9360ffd","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"mois22ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois22ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b56d7efb-2e5b-5bfb-bcb3-e5bee577565f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://mois22ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois22ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e30b5b0-c5e5-5521-8be2-1265dc3993b6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"mois0ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois0ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b378c3f-a473-51b9-9f19-8d3c45ea57e6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://mois0ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois0ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e55c8911-d995-5770-a008-55ddc3487557","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"mois36ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois36ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--67a2b798-cf43-596e-a200-4235f8796afc","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://mois36ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois36ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fca4ce3e-a12b-50d8-b819-39580a32a426","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"mois26ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois26ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9aff5f62-2833-57c5-8667-3505641a7263","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://mois26ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois26ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d07b8782-855f-504f-9ec8-966889db52b8","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"mois39ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mois39ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a105554b-3699-5677-be41-1c5b064756bd","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://mois39ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://mois39ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3d5d587c-ca4d-537a-bfa3-5958bea5bbc6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-login.mois26ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.mois26ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cecbb345-2699-5b76-852a-6755b39295df","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-login.mois26ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.mois26ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--623ca415-0d24-5806-b64d-85099888cdc1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.mois22ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.mois22ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3888138d-6c65-57de-a29e-fac8ac85bdb0","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.mois22ex.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.mois22ex.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3243689-40b5-59cc-9f62-37339fc7c6ed","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nsc2tx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nsc2tx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e4caddaf-549f-5581-8b89-4bee463dd7b1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nsc2tx.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nsc2tx.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2fd30dbc-6a06-5702-87fe-63d7342b3fe0","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op10ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op10ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--190d6dbf-8ebe-524f-ba56-c340b1117ab3","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op10ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op10ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c21b8740-6c35-5471-be80-3a42626a6236","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.nts9pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.nts9pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c92a457c-676c-5b5d-bd28-eff964153e6c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.nts9pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.nts9pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fc636ba5-3cd1-52e2-8875-3c411340d25d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op11ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op11ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e6b8fa7d-ff80-5c12-a286-2402ee2bbe41","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op11ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op11ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a746684-838a-5daf-84ed-2965e395fe00","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op27ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op27ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--deaf6e74-1e3a-501a-a4df-a86b9101378e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op27ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op27ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a55124a9-a2ca-5af9-96a8-3bdde20d0148","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op34ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op34ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--de157869-678e-5476-bed9-fd289ae1c32e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op34ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op34ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c971113e-3198-5084-b4d1-005f398aff16","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op30ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op30ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6a553635-69d0-505c-828b-a78c0c3c5569","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op30ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op30ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--55d8c8a4-90f6-5dac-9bee-998820bee05e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op15ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op15ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1aea4517-e128-55ed-ba92-e2fcb7286ca7","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op15ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op15ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1e989cd4-a347-581f-94e8-e428f4ce6c5e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op36ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op36ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5135c64-556a-5f7d-8ec2-5b006257262a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op36ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op36ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c95fdf1b-2ba3-5702-ba29-a5f4d42486ad","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op19ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op19ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c27b856-6f7e-5591-abf5-186846c7f8c9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op19ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op19ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c95b6e8-5477-5279-a695-11153ce4a750","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op17ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op17ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7760faad-2cba-55e0-8a4a-91be6eb4236b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op17ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op17ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4f619bcf-ca2b-5d3e-bf55-d371a4fa9a70","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op24ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op24ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be3dd43a-6f9c-5186-8bed-eb41d34cd750","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op24ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op24ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--716a246b-28b2-5046-ab03-623616b3fa5b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op22ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op22ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b46f20d-6492-5056-8733-ea709b2bdb97","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op22ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op22ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--432060d8-0ad7-5911-8058-adc44e74cb7a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op28ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op28ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34e2963b-4537-5675-a073-9ff0bb7d20fa","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op28ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op28ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f8c809ea-f0be-5d82-8727-1558a3fd539f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op35ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op35ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--11328a39-1590-580b-b7d2-86aad8506776","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op35ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op35ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4a26c6e3-bd40-537e-bfb5-80094972c61d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op29ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op29ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3172b261-5ff8-548c-b2ae-a03b3fed3967","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op29ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op29ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6146ccc0-2975-5d30-9900-c944e6c0f69a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op25ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op25ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c231db1-1f0b-560e-8c56-faf9c4ca5ac9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op25ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op25ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4bfc66c1-379e-504e-ba6b-2eb5af4af14b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"op12ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'op12ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4849f5d2-848e-5b59-a503-35975ccd3cf2","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://op12ntyx.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://op12ntyx.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bf15a34-0948-51b8-b1fc-6a9229b90c6e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nts8pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nts8pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c77db810-00a6-54a8-9e86-f28835ff2080","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nts8pops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nts8pops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b984b67-bed8-5cc1-97b0-3cb4ef1d475d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"als22nty.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'als22nty.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a4f07b78-30be-581d-a031-1a4521ff924f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://als22nty.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://als22nty.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d1a891b-eab5-5029-b72b-e1392cc437bd","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.als22nty.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.als22nty.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--66a00bf5-ef70-512a-a9e3-2dc63394a837","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.als22nty.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.als22nty.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cdf29a97-08d9-5eef-a998-909e68bd5884","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.navipdes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.navipdes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0813a96-d42d-52a3-99bb-0758819b9a94","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.navipdes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.navipdes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22cffa7b-b968-5bea-b1bb-c38a455b0520","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.navipdes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.navipdes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68238c67-fd10-518d-8624-ee65e4d41c8b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.navipdes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.navipdes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31b1c247-b954-5a0e-963f-1513acd8b527","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.navipdes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.navipdes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--68f5f5e0-4607-5b4f-832c-b41f28c407af","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.navipdes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.navipdes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5e48ae7-1041-57ad-a73d-198dc96d729e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntx25sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntx25sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8992882-cc99-5eed-9efb-5e3f377f8e11","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntx25sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntx25sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7429f3ad-1b25-5e6f-bb66-0201dcc24465","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-login.ntx25sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.ntx25sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--924e46c0-639a-5590-b7bb-55ca44658463","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-login.ntx25sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.ntx25sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--34ea1831-d488-58c9-97f8-9e033785e9db","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntx24sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntx24sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eef8580d-a037-5836-b519-12621bce7ab8","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntx24sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntx24sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6655e4fc-68f8-5928-ab48-971c44720e84","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.ntx24sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.ntx24sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--799a7c41-d9ab-5fde-9cc7-97f47fed7df1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.ntx24sp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.ntx24sp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ec4c03d6-f3c4-5217-87a7-73eaf1d5bfad","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp2s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp2s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7af229f8-ccd6-5238-9d5d-c0d37d6c8be9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp2s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp2s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0341ff48-9041-5d0d-ae9a-d8979dfafc3c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp32s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp32s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--61b6e22b-3913-5a1a-a869-1308cc1aa0a5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp32s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp32s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d64bbfd-fa2d-5b4a-a3a4-1af173028fb9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp39s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp39s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0bbeaf34-1337-52b0-b3cf-8d8e8f0cf81b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp39s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp39s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ef92f7d-660e-546d-956b-a6fe4a53279b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp35s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp35s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c563cdb1-06e0-5a44-9c33-83fd015aeb98","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp35s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp35s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04bc7b1b-bb88-51ab-a60d-f2cf48b1d4e5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp31s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp31s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--415ec302-98ad-5756-9dff-72e3397d8c3f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp31s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp31s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5de7dd6-1d06-5c63-806c-80aa3e7469e6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp28s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp28s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90b47951-77c0-572a-a28b-28304ae8d219","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp28s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp28s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a2ad66fb-2cf1-58b6-8640-3f86c3fba069","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp17s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp17s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bec4bcc1-f4e1-5fdd-852b-c7d4705f7e69","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp17s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp17s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--64449ede-35ab-5add-8584-380b4efcfd99","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp11s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp11s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3096d162-3e76-5616-bafb-068b7fe5038e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp11s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp11s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0bbab365-725a-5532-9c06-37823c1daaeb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp5s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp5s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f21220b-1cb2-5497-8844-d2d584536aca","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp5s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp5s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3ff1b4f-56fd-5990-92ed-751fdddd1bd1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp9s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp9s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0dc4200d-bcd2-5edf-954c-9fc0afb30b0c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp9s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp9s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f19de688-bb0a-5078-987d-a8871f619920","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp27s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp27s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d05d44ca-c9e2-5dc7-b1a1-5f4b10e67ad7","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp27s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp27s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--13311450-6b00-5cb5-a8aa-cabc10be20af","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp23s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp23s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--518695d8-146f-55e7-ada9-ea01438ba77e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp23s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp23s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bdc686a-7850-5581-9852-3cf2214841ad","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp37s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp37s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07cba164-35f0-55ea-b250-9faa43bcaa75","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp37s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp37s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6f193b22-ace5-53e9-b1da-8e5b619b6882","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--58c0e8c0-8743-5140-8831-2c775af810c5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0c3bbd14-c6df-53a7-a2d7-264c40ae445d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp21s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp21s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9f32f847-1fbb-5394-a606-eb8c6e783c30","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp21s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp21s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5628195-aa11-54ef-96d5-887473a29874","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp6s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp6s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9cce77cf-6199-55a9-99fc-0e6fc409d3e2","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp6s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp6s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d8c3399a-33cc-5f43-8c16-53bac9d98b15","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp4s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp4s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--57699688-5964-52b2-94ed-0d56abd247b5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp4s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp4s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0caadb30-1d96-5bbf-972e-248a6544eebc","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxsp8s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxsp8s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ff629d9-4524-50d2-9cef-551497a2d5d5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxsp8s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxsp8s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ce1764d3-65b1-5aa6-966d-c869d5eeee52","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"pntsr27s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pntsr27s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c4922d2-5fde-5b14-ae67-59fe971d6445","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://pntsr27s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pntsr27s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--31d8c48e-ec05-5c77-9e9b-b2f156f682f4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"xn--n-cop-iyu.anav.iposepo.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'xn--n-cop-iyu.anav.iposepo.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b7a5cacb-de53-572a-9983-caaf87cdb98c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://xn--n-cop-iyu.anav.iposepo.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://xn--n-cop-iyu.anav.iposepo.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1ce6c243-b4bd-5f72-bf71-647fb1752e2a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"n-crop.anav.iposepo.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-crop.anav.iposepo.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--335f818e-2bf6-504b-b1b9-c8994bc06914","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://n-crop.anav.iposepo.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-crop.anav.iposepo.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1b8e8dc0-f88a-5e74-8a99-f48a0899e7b0","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntrsdos28s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntrsdos28s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d71044b6-691c-5943-91a0-4dc6c97b857d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntrsdos28s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntrsdos28s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b0ca250e-eed8-5c56-956e-3d20d0e2f1c1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"pntxes20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'pntxes20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0a30dcb7-91ae-50aa-b6c6-2ead9c4e8324","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://pntxes20s.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://pntxes20s.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d6b86bee-8459-56c3-b916-e9906a62e2bd","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ipseno31s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ipseno31s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6cf8f318-27ac-5ffb-824b-74a522ddf85b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ipseno31s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipseno31s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--961a9e08-4513-5b87-929a-06c5980507ef","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ipseno5s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ipseno5s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--42ba81e3-56c6-5e38-b33a-42b259e7ea40","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ipseno5s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipseno5s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e7f3a51-1ae8-56a0-ac86-b7875224ed2a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ipseno15s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ipseno15s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5dd5464a-585a-5894-a916-451b364c5836","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ipseno15s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipseno15s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--82be1c02-296d-5bc0-8218-066fde69ff6d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ipseno10s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ipseno10s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--315f3bc3-0e9f-59e0-8c7e-6a3b9747082b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ipseno10s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipseno10s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb4e65e9-71f6-5c38-acbb-1eb21ab0ded1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxdoe0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxdoe0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a901ee67-cfca-51ee-afba-84b42d9fed8c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxdoe0s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxdoe0s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c61efd61-3c77-59aa-835b-2de4a04426a0","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntrsdos38s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntrsdos38s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84fb5111-2b65-5995-a1e8-de90f1d39e25","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntrsdos38s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntrsdos38s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3cfcd76-acf0-5168-89e3-c20cc945cfb3","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntxdoe2s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntxdoe2s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5651e90b-30c2-58c7-ad32-41b9f6ca421f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntxdoe2s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntxdoe2s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--00c615bd-747a-5e33-b722-0599b74ceed1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntrsdos33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntrsdos33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86ea3390-a83a-5b97-ad52-71a30ae80c19","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntrsdos33s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntrsdos33s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3a9feb7d-affb-507d-b116-a0a79eacecab","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ntrsdos3s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntrsdos3s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3efdaeef-a72d-5e94-b639-6c7190145463","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ntrsdos3s.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ntrsdos3s.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c4af99b6-689f-54f3-b301-d0d1307a73c9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.bnav.iterpost.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.bnav.iterpost.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6c012499-f7e7-573c-8cfa-c89a34891fbf","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.bnav.iterpost.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.bnav.iterpost.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63a03276-3a6a-521f-95a0-8d1602eb8493","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"n-store.enav.ipspcoep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'n-store.enav.ipspcoep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--78e347ee-c9fa-5735-b511-02684c3d7ba1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://n-store.enav.ipspcoep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://n-store.enav.ipspcoep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4b3d3801-3ab6-5a99-935e-e542b3662123","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"edocesnavs.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'edocesnavs.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--be5255c7-64e5-5298-8091-2463d0e7abb4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://edocesnavs.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://edocesnavs.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--abf1295f-87bd-5c4d-8a2e-35d7fd68bfff","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"switch.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'switch.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e3e95d3b-4b75-5223-a508-6c87108274fc","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://switch.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://switch.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a26cd03d-c68f-5a39-8989-99d1bd99376e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.cnav.htxcpy.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.cnav.htxcpy.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c593a4b5-5a2d-526e-98da-858388c272f4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.cnav.htxcpy.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.cnav.htxcpy.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b22293f5-6ace-5837-98d4-e0f040bb3238","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.enav.ntxthom.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.enav.ntxthom.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3721d9f6-eec6-5322-95e3-8be4cbdbb4f8","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.enav.ntxthom.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.enav.ntxthom.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c10275e-9a8e-562f-8d50-26a20f0540bf","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.anav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.anav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3ec17b2a-ec80-5820-9584-21d33fb1cda6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.anav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.anav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8bf73ed1-5159-5dcc-8224-9c8c31bfb5e8","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.bnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.bnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d255922-9e17-57f3-b90d-d34ab883cf3d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.bnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.bnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e61d79d4-07f3-5d7e-8bbf-23f388e1a1fb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.dnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.dnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4639c5da-0542-5a3b-bb90-1f1cefa8fa11","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.dnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.dnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2e5c1dcb-40f8-5f04-9421-cfe1ca02db08","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.cnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.cnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4feb992a-8db3-5223-b8a8-9bbcdb37b072","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.cnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.cnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6ebd2e45-c8a0-5870-aa9b-f17bcde814e1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidlogins.bnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidlogins.bnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--20a8648b-077d-52a7-92a4-d6b10c3cd885","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidlogins.bnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidlogins.bnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d558940d-3e10-590c-bbdd-f0ef9253e656","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.dnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.dnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad39c849-a399-50fc-b8ff-2b6728dc1aa1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.dnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.dnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6e6c222f-b3a7-548c-8b51-1c4710430840","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidlogins.dnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidlogins.dnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d053e531-e5d4-5cf2-8da6-eae67c8c9312","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidlogins.dnav.ntxhosts.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidlogins.dnav.ntxhosts.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ac2af067-7e4f-547a-8569-10f6ba6f18a9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.dnav.htxcpy.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.dnav.htxcpy.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f09d16f4-251f-5fcf-a8f3-b5210fc40da6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.dnav.htxcpy.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.dnav.htxcpy.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aaec2a5d-4a9e-51b2-9351-ee6afc760294","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidlogins.dn.ntxals.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidlogins.dn.ntxals.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c3f10bf6-1429-5565-a382-fa9c659e2fbd","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidlogins.dn.ntxals.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidlogins.dn.ntxals.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--561a1558-f165-5eb1-b6fd-bec9a7823cde","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.dn.ntxals.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.dn.ntxals.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e8c40199-27d6-5731-af8c-a38fa6885071","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.dn.ntxals.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.dn.ntxals.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--696060b0-b0e2-5818-910d-576ac178c578","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.en.ntopeds.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.en.ntopeds.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--27eb145b-65ea-5475-8e94-271c288b76f6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.en.ntopeds.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.en.ntopeds.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4034ac8a-f428-5fd4-9e01-d863ccca0984","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-servers.doc-ips.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-servers.doc-ips.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--911c45fa-e68b-53a5-b994-63c0a8ce2efe","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-servers.doc-ips.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-servers.doc-ips.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3775727d-25fb-5173-89e3-a2612c7554ff","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navorlogins.doc-ips.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navorlogins.doc-ips.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9bf8c82-dcee-5291-8021-4877cff125ce","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navorlogins.doc-ips.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navorlogins.doc-ips.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2cc51da3-22d7-5c88-b5a4-b1a0c91c464b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.an.dpsipes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.an.dpsipes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d2d79e3-6185-5849-bbd8-f194e211e3ed","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.an.dpsipes.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.an.dpsipes.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50fb40d7-c026-5e8a-ac72-c357de0a440e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.cn.cofipdo.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.cn.cofipdo.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ae30f4f4-de62-5ae8-b286-08301a53fd28","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.cn.cofipdo.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.cn.cofipdo.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63bd5668-a791-5db2-9403-3d35955926d1","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.cn.ipsnvlep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.cn.ipsnvlep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f0b373b-a3e0-555c-bdcf-7751b87f7b39","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.cn.ipsnvlep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.cn.ipsnvlep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--efe22b70-9071-5d88-b2b1-4b5739c3036f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.dn.ipsnvlep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.dn.ipsnvlep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14576f13-5e2b-537d-9007-4abf6c0d1a69","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.dn.ipsnvlep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.dn.ipsnvlep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b94cb84-6114-567e-b796-b75d19c12b5e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nts.bn.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nts.bn.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--022338db-2a7f-520e-8a49-627a6822cf2e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nts.bn.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nts.bn.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd28fb48-0f6d-5652-a468-9b817bf98705","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.an.ipsnvep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.an.ipsnvep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--287619a4-b9d5-5d81-a141-661610e62e7a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.an.ipsnvep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.an.ipsnvep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--29a9be54-c146-5487-881b-4908e6348cdb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.dn.ipsnvep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.dn.ipsnvep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3db15217-6534-5ed9-a93b-7c6b33cd481e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.dn.ipsnvep.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.dn.ipsnvep.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4363a157-3c14-5e2c-bbd2-34d37caed73e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navlogs.moisalap.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navlogs.moisalap.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0e2585c2-80b2-5cc2-8a42-8beeffea70c2","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navlogs.moisalap.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navlogs.moisalap.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1d4297ad-475b-5b7a-b2c7-169de8230250","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidlogins.moisnoticed.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidlogins.moisnoticed.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f42b207-f299-58c2-befc-1dc0d59050eb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidlogins.moisnoticed.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidlogins.moisnoticed.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8411877b-2cdb-5c16-a4a9-7e54df5c40ca","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.moisalap.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.moisalap.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18163e56-cbc9-56e6-af0d-8e69dda4f634","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.moisalap.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.moisalap.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--786f7a45-c122-50e3-a525-87260a008899","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nides.moisalap.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nides.moisalap.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--143faf89-1870-5749-bb04-2df10bad57c9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nides.moisalap.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nides.moisalap.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9094b6b2-fd0d-55f4-bdf4-be78c923fbf3","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.moisnoticed.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.moisnoticed.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3666b1e0-9b6e-52b5-895e-b5072beafca4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.moisnoticed.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.moisnoticed.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--50b459fa-5c70-50bd-8d5f-4ff48d243024","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nts.en.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nts.en.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9ba2e4c4-e2b9-5508-9e8a-ab7b96a98ab5","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nts.en.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nts.en.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f0d88f2e-1980-5c17-a18c-2b7bb7546130","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e01fe71-37d8-5c5f-9192-119e22b92cd8","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bfe0baf-71f6-5bb7-99b2-adfe1706128c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.moisnoticed.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.moisnoticed.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e380a9a1-dcba-52fd-9955-a3d68f6da97c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.moisnoticed.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.moisnoticed.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f899575-760f-501d-b924-a230395c1071","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.napses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.napses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c158f879-7b25-5f04-a78b-b6d8a09e48a7","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.napses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.napses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--229d7db8-8c35-5a65-a566-1805c68c99d3","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e9e734a6-ee7c-5bdc-9fee-24085d48eb33","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2225dfda-970c-5891-bbb6-1402fd72043a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2dffc3e7-5365-5e18-85f6-d05c9b466118","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--86ff0e0d-dbd4-5c55-938f-4e269afb959e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"random_switch.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'random_switch.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--090e971c-7b4f-588a-9077-0e678e07eda6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://random_switch.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://random_switch.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6587d0bc-66b5-589b-b2bb-a1702db91255","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8f6382a6-99e5-5084-92b9-038ccf5e415d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.navripses.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.navripses.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb6b9094-e2a7-5839-a2d9-e11b8b8fa92b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c1ce30fa-7473-523e-80c8-f8c84bb037fd","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--eb6b9512-89c9-5c34-ae72-ad505429dbf0","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8b509e6c-182d-5486-a74f-d887bd40314e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4dbc128b-06d2-5a02-bcf9-94b1ae335103","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidlogins.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidlogins.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7f54144c-cab1-5abf-8422-e571e91124ab","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidlogins.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidlogins.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5c3e03e3-ea92-5d63-85e1-e483d1fe6580","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.nedotps.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.nedotps.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ba5ee5f7-cd06-5b85-b394-ea073a1ff3bc","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.nedotps.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.nedotps.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--096f621a-8bea-521c-874b-30a8cd03cdfe","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.nedotps.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.nedotps.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--18874a46-5312-5ade-9f95-2e7125b9e213","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.nedotps.dns.navy","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.nedotps.dns.navy']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fa0e5809-b4e7-5ee0-888c-52694de13463","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"navs.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'navs.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5e03b760-3555-5e72-9e3d-ae0d236ff9fe","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://navs.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://navs.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f5785d8c-2b7c-5155-8524-3fb2253de57e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--aea4cc9e-5a1d-54ad-8fdb-eee5308ecee4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b570c34d-4845-5f41-a6da-bdbe5c4c9c64","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--40eac9d6-f709-53a3-9cb4-e045f09b6f2d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b203d94-71f1-5c08-b276-8a39c24764f8","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1caeaa95-247b-5b79-b064-2d704f5767fe","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.navps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.navps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1a190fe1-08d4-5139-aa14-e7f73d27b668","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e12444e6-36dd-54bc-a952-8351c9d48100","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5bc39afe-f89e-58f6-bff3-0afc2eee7ffb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidlogins.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidlogins.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ddb77648-8813-5dab-94dc-5a4908695230","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidlogins.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidlogins.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d844df7b-7306-5856-940b-0db18e1ada53","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidloes.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidloes.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3252cc6b-7a7d-5676-9c3a-5a335d51587e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidloes.navedtops.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidloes.navedtops.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e058061b-e27f-5411-8386-3ef5a464d3df","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nesever.bn.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nesever.bn.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--1c9b410a-8562-5aae-bc0f-18b2fd40e6dc","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nesever.bn.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nesever.bn.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0779ed53-5c4d-52b4-88e9-2bd14e3fc727","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ndocs.an.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocs.an.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a245dbee-af99-51df-98ce-a214cf9c023f","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ndocs.an.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocs.an.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f76dfb03-32ef-5302-b91b-4c01bd4f1097","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nesever.an.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nesever.an.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bf99978c-dbb5-504f-8e97-926952a50a7c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nesever.an.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nesever.an.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d444bc37-81d0-5e98-b2c8-db1822525e57","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ninvoce.bn.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ninvoce.bn.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--302d4c87-8eac-56ea-9b3c-93d84bbc86e4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ninvoce.bn.ntsotp.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ninvoce.bn.ntsotp.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--59665f20-613a-5abc-898f-79b4fc7c5b35","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nesever.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nesever.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07fc2f17-0bfc-588d-806a-f8786134d038","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nesever.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nesever.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--22b442a0-c027-5b89-ad83-56b2a47f9d8a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ninvoce.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ninvoce.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee3bf4cb-0662-556e-b063-6a4937276f7e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ninvoce.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ninvoce.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--39397fef-7eee-5b98-b5c1-89ff74c1c097","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidserver.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidserver.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--910f2557-a64d-5579-9556-916615897432","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidserver.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidserver.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--fefd7951-c6e5-53dd-89d0-41c52eef3b70","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nts.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nts.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6b8b3d78-82fb-5014-8b9a-04e16dcabca4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nts.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nts.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3af7abb5-1caa-58d5-aac0-ab5d12fca77e","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ndocs.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ndocs.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3e95360e-1f5a-5b61-ac2f-4d389bc47f7d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ndocs.navrrps.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ndocs.navrrps.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--60218afd-4a24-5ce0-b46f-9a65bad0fb45","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.edocesnavs.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.edocesnavs.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ad1212a2-1190-580b-a30c-22bde039b934","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.edocesnavs.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.edocesnavs.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--823e8218-f208-55aa-be6f-dea855737eb9","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-login.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--45d7d0a9-8ee9-5d4e-a402-cff56b23c415","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-login.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--dc95c00f-fd40-545e-8ac6-c60d67652dbd","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bed78b2d-0c07-518e-b788-723f31338fc4","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5d0a5ec9-6183-536e-a3f6-b7693e5f4495","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d07aa10d-1647-5582-bb65-99187d44cf7b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e34521f7-c145-5776-964a-a0a8d69a3b5a","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7f67927-bcf4-5db4-84d2-c81308f4ce4d","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0766f9d2-e24d-5740-81e0-cb015559246c","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nav-logins.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nav-logins.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--936500cb-4933-5acc-97ef-7b03a286be76","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nav-logins.ipscorped.dynv6.net","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nav-logins.ipscorped.dynv6.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--54ec2426-7795-56d9-a432-ecb8049d4561","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nidservers.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nidservers.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--805cf46a-5ccb-56ad-8c3b-949f395dcba6","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nidservers.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nidservers.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d69b4b05-03dd-5aa8-b88f-0a0ed16b0b44","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nids.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nids.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--affaca0f-d004-5496-acc2-b7f9061890d0","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nids.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nids.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--6affec29-1876-58e5-bc05-58d2e5c27eeb","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nida.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nida.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d4e6f581-f4b9-5120-9f9e-981e966d2d41","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nida.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nida.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7a76c5d9-8356-547b-a9f3-b52cb468b15b","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nav-logins.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nav-logins.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--04d359a7-16f1-515b-abcf-57f6348b8f83","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nav-logins.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nav-logins.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--63931c7e-3879-5f3e-bd5d-a6eaa35254f0","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"nid-login.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'nid-login.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e2a55560-ef1b-5270-8d17-72b36b1837ad","created":"2026-05-13T18:35:00.000Z","modified":"2026-05-13T18:35:00.000Z","valid_from":"2026-05-13T18:35:00.000Z","name":"http://nid-login.ntdinvocie.dns.army","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://nid-login.ntdinvocie.dns.army']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2050283519348261205"}],"labels":["DPRK","Kimsuky"]},{"type":"indicator","spec_version":"2.1","id":"indicator--09ca9c85-83f0-50a9-9d8b-6c781198c580","created":"2026-05-13T19:08:00.000Z","modified":"2026-05-13T19:08:00.000Z","valid_from":"2026-05-13T19:08:00.000Z","name":"http://176.226.230.116:38215/Mozi.m","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://176.226.230.116:38215/Mozi.m']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2054639827790815397"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4be1a286-430b-5fe3-a8f1-66451bafe812","created":"2026-05-13T19:08:00.000Z","modified":"2026-05-13T19:08:00.000Z","valid_from":"2026-05-13T19:08:00.000Z","name":"176.226.230.116","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '176.226.230.116']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2054639827790815397"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a42dfe25-1176-5f90-8e5b-bd76be6877b3","created":"2026-05-13T19:13:00.000Z","modified":"2026-05-13T19:13:00.000Z","valid_from":"2026-05-13T19:13:00.000Z","name":"http://142.248.80.144/lol.sh","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://142.248.80.144/lol.sh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2054641255133458854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--172f03b4-a27c-50be-9793-c6c040e17dca","created":"2026-05-13T19:13:00.000Z","modified":"2026-05-13T19:13:00.000Z","valid_from":"2026-05-13T19:13:00.000Z","name":"142.248.80.31","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '142.248.80.31']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2054641255133458854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e56546b-46fe-5f7d-947c-f923469f3fd0","created":"2026-05-13T19:13:00.000Z","modified":"2026-05-13T19:13:00.000Z","valid_from":"2026-05-13T19:13:00.000Z","name":"142.248.80.144","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '142.248.80.144']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2054641255133458854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--0f8ed644-a407-5104-a597-9940ba1ccf1a","created":"2026-05-13T19:13:00.000Z","modified":"2026-05-13T19:13:00.000Z","valid_from":"2026-05-13T19:13:00.000Z","name":"8ae5e4a4c875e45975faf989dbf83214","description":"IOC reported by @sicehice on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.MD5 = '8ae5e4a4c875e45975faf989dbf83214']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/sicehice/status/2054641255133458854"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b191dcb5-9de6-5f60-a48d-6e5f91a93100","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"http://179.43.177.220:8080","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://179.43.177.220:8080']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--0511db0f-4ccb-5077-9f2f-ccb511f98385","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"cdn.bgpweb.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cdn.bgpweb.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--5f39d916-65d3-57ed-99d7-f50b946a51e9","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"http://cdn.bgpweb.com","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cdn.bgpweb.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2f3168d6-89b4-5510-9cc4-a3c62036ec49","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"timetrakr.cloud","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'timetrakr.cloud']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--ee00ae3f-c7ec-5cd8-a874-849c2cab0a46","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"http://timetrakr.cloud","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://timetrakr.cloud']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--94ea2ee3-b4ba-5c47-bc96-94b8c35ce380","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"timetrakr.sbs","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'timetrakr.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--4d1ed258-4caa-5540-8172-7dbdfadd6a75","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"http://timetrakr.sbs","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://timetrakr.sbs']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--bcb436ff-d2de-552b-8524-806d48c608b5","created":"2026-05-13T19:19:00.000Z","modified":"2026-05-13T19:19:00.000Z","valid_from":"2026-05-13T19:19:00.000Z","name":"179.43.177.220","description":"IOC reported by @500mk500 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '179.43.177.220']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/500mk500/status/2054642760339112203"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e00088e6-fc94-56d1-97ca-0318d2bbed3d","created":"2026-05-13T20:00:00.000Z","modified":"2026-05-13T20:00:00.000Z","valid_from":"2026-05-13T20:00:00.000Z","name":"bafybeidwoasanek4d77b4wzkmfz3j2cj4zidyqm7jj6a6636lnx2e5i7ie.ipfs.dweb.link","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'bafybeidwoasanek4d77b4wzkmfz3j2cj4zidyqm7jj6a6636lnx2e5i7ie.ipfs.dweb.link']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054652938425876792"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--02ced8a7-74a2-58a9-8d33-949aa4d5dca7","created":"2026-05-13T20:00:00.000Z","modified":"2026-05-13T20:00:00.000Z","valid_from":"2026-05-13T20:00:00.000Z","name":"https://bafybeidwoasanek4d77b4wzkmfz3j2cj4zidyqm7jj6a6636lnx2e5i7ie.ipfs.dweb.link","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://bafybeidwoasanek4d77b4wzkmfz3j2cj4zidyqm7jj6a6636lnx2e5i7ie.ipfs.dweb.link']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054652938425876792"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--b3d51458-5c5d-5d23-93b3-1ba76b552187","created":"2026-05-13T20:51:00.000Z","modified":"2026-05-13T20:51:00.000Z","valid_from":"2026-05-13T20:51:00.000Z","name":"driect-shk1na-c.com","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'driect-shk1na-c.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2054665909990834656"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e125b5be-fb69-598b-b4fe-919957fff485","created":"2026-05-13T20:51:00.000Z","modified":"2026-05-13T20:51:00.000Z","valid_from":"2026-05-13T20:51:00.000Z","name":"https://driect-shk1na-c.com/htm/sh1n/selectState","description":"IOC reported by @kubotaa3 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://driect-shk1na-c.com/htm/sh1n/selectState']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/kubotaa3/status/2054665909990834656"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--07e44262-7afd-5fd5-858c-966503fbe0c2","created":"2026-05-13T22:00:00.000Z","modified":"2026-05-13T22:00:00.000Z","valid_from":"2026-05-13T22:00:00.000Z","name":"correo-issste-gob-mx-owa.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'correo-issste-gob-mx-owa.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054683139654479996"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--341d42ee-26cc-5d0f-bd50-71234b88b02f","created":"2026-05-13T22:00:00.000Z","modified":"2026-05-13T22:00:00.000Z","valid_from":"2026-05-13T22:00:00.000Z","name":"https://correo-issste-gob-mx-owa.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://correo-issste-gob-mx-owa.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054683139654479996"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7c70b7fe-84b3-51ad-babe-ee4fae19d947","created":"2026-05-13T23:05:00.000Z","modified":"2026-05-13T23:05:00.000Z","valid_from":"2026-05-13T23:05:00.000Z","name":"rakuten-card.gfhrtt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rakuten-card.gfhrtt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054699527420973255"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7df504ff-aa63-5efc-ac5d-cbfec9fa31f6","created":"2026-05-13T23:05:00.000Z","modified":"2026-05-13T23:05:00.000Z","valid_from":"2026-05-13T23:05:00.000Z","name":"http://rakuten-card.gfhrtt.com","description":"IOC reported by @skocherhan on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://rakuten-card.gfhrtt.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/skocherhan/status/2054699527420973255"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--36a07678-6b71-5595-8109-c26c75cf7ddc","created":"2026-05-14T00:00:00.000Z","modified":"2026-05-14T00:00:00.000Z","valid_from":"2026-05-14T00:00:00.000Z","name":"biglobemailservice.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'biglobemailservice.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054713353105244205"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d9cea1be-6b4b-5a45-a415-66ca70ddd034","created":"2026-05-14T00:00:00.000Z","modified":"2026-05-14T00:00:00.000Z","valid_from":"2026-05-14T00:00:00.000Z","name":"https://biglobemailservice.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://biglobemailservice.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054713353105244205"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--84a3ecf8-8b0a-5ca5-b0b4-13fa8b495302","created":"2026-05-14T00:36:00.000Z","modified":"2026-05-14T00:36:00.000Z","valid_from":"2026-05-14T00:36:00.000Z","name":"hhxpvpo.bond","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'hhxpvpo.bond']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054722396893122799"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--7b5bcd34-5be0-5e0c-83ad-618803d92f40","created":"2026-05-14T00:36:00.000Z","modified":"2026-05-14T00:36:00.000Z","valid_from":"2026-05-14T00:36:00.000Z","name":"https://hhxpvpo.bond/source/A9QLGXnyX47T","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://hhxpvpo.bond/source/A9QLGXnyX47T']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054722396893122799"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3bc9ec7c-3378-5b53-8fa1-5f4c8ca807ce","created":"2026-05-14T00:44:00.000Z","modified":"2026-05-14T00:44:00.000Z","valid_from":"2026-05-14T00:44:00.000Z","name":"d08b9af78ec25b65523967d2517d4d9d8dcd1068fca605288462cfd968ef5aee","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = 'd08b9af78ec25b65523967d2517d4d9d8dcd1068fca605288462cfd968ef5aee']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054724510319079833"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--1f796f6a-57b4-5f5c-bac5-d33cfdc51403","created":"2026-05-14T02:42:00.000Z","modified":"2026-05-14T02:42:00.000Z","valid_from":"2026-05-14T02:42:00.000Z","name":"http://github.com/happydream9028","description":"IOC reported by @MalforsHQ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://github.com/happydream9028']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/MalforsHQ/status/2054578037438517524"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d1a41da7-c51b-5dca-a5cd-4426574038f6","created":"2026-05-14T03:43:00.000Z","modified":"2026-05-14T03:43:00.000Z","valid_from":"2026-05-14T03:43:00.000Z","name":"beachjiujitsu.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'beachjiujitsu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054769662580379837"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--cd04462f-c234-5aba-9fdb-c77e05655944","created":"2026-05-14T03:43:00.000Z","modified":"2026-05-14T03:43:00.000Z","valid_from":"2026-05-14T03:43:00.000Z","name":"http://beachjiujitsu.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://beachjiujitsu.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054769662580379837"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--9d72e7ba-2e92-5e36-9e6d-d6ee85ef4357","created":"2026-05-14T04:18:00.000Z","modified":"2026-05-14T04:18:00.000Z","valid_from":"2026-05-14T04:18:00.000Z","name":"cherepahanataha.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'cherepahanataha.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054778413232353488"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--46b5db09-66b3-5a4d-bdc8-b07143967404","created":"2026-05-14T04:18:00.000Z","modified":"2026-05-14T04:18:00.000Z","valid_from":"2026-05-14T04:18:00.000Z","name":"http://cherepahanataha.com","description":"IOC reported by @masaomi346 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'http://cherepahanataha.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/masaomi346/status/2054778413232353488"}],"labels":["infostealer","malware"]},{"type":"indicator","spec_version":"2.1","id":"indicator--e96f6fd1-a07d-50d0-a760-f9291277ab94","created":"2026-05-14T05:00:00.000Z","modified":"2026-05-14T05:00:00.000Z","valid_from":"2026-05-14T05:00:00.000Z","name":"mem.calcuttaswimmingclub.com","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'mem.calcuttaswimmingclub.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2054788822571815004"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d15352cd-2491-5d50-9ef1-de2c316bfc07","created":"2026-05-14T05:00:00.000Z","modified":"2026-05-14T05:00:00.000Z","valid_from":"2026-05-14T05:00:00.000Z","name":"https://mem.calcuttaswimmingclub.com/it/pagopa/log/msdpweb/","description":"IOC reported by @AddressIntel on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://mem.calcuttaswimmingclub.com/it/pagopa/log/msdpweb/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/AddressIntel/status/2054788822571815004"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8eec0043-844a-55e3-8129-41238ea20650","created":"2026-05-14T05:15:00.000Z","modified":"2026-05-14T05:15:00.000Z","valid_from":"2026-05-14T05:15:00.000Z","name":"ntc-firewall.safeurl-content.online","description":"IOC reported by @__0XYC__ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'ntc-firewall.safeurl-content.online']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/__0XYC__/status/2054792675887382660"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--c325afa4-7bb7-56ad-98ac-ac46f99d60be","created":"2026-05-14T05:15:00.000Z","modified":"2026-05-14T05:15:00.000Z","valid_from":"2026-05-14T05:15:00.000Z","name":"https://ntc-firewall.safeurl-content.online/opx/mailflair/r/EZ6n6FMhSh","description":"IOC reported by @__0XYC__ on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://ntc-firewall.safeurl-content.online/opx/mailflair/r/EZ6n6FMhSh']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/__0XYC__/status/2054792675887382660"}],"labels":["APT"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a7c2c796-db9a-5ab7-a427-bff692eba675","created":"2026-05-14T05:49:00.000Z","modified":"2026-05-14T05:49:00.000Z","valid_from":"2026-05-14T05:49:00.000Z","name":"login.lbbacx.com","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.lbbacx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054801373880066388"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7ab1e309-aac0-532a-87d7-3d79ed7f0423","created":"2026-05-14T05:49:00.000Z","modified":"2026-05-14T05:49:00.000Z","valid_from":"2026-05-14T05:49:00.000Z","name":"https://login.lbbacx.com","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.lbbacx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054801373880066388"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--873a7e6d-25f0-5690-8ad6-b315090b4c79","created":"2026-05-14T05:49:00.000Z","modified":"2026-05-14T05:49:00.000Z","valid_from":"2026-05-14T05:49:00.000Z","name":"35.219.189.153","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.219.189.153']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054801373880066388"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7661862-fa29-5f74-8fbb-4a75ad442c72","created":"2026-05-14T06:00:00.000Z","modified":"2026-05-14T06:00:00.000Z","valid_from":"2026-05-14T06:00:00.000Z","name":"wemailacmontpellierfristatic0110nalldomainlayoutoginbleg.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'wemailacmontpellierfristatic0110nalldomainlayoutoginbleg.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054803961001939254"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--f72bc547-4d0a-5e78-86d2-b025286f8b51","created":"2026-05-14T06:00:00.000Z","modified":"2026-05-14T06:00:00.000Z","valid_from":"2026-05-14T06:00:00.000Z","name":"https://wemailacmontpellierfristatic0110nalldomainlayoutoginbleg.weebly.com","description":"IOC reported by @urldna_bot on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://wemailacmontpellierfristatic0110nalldomainlayoutoginbleg.weebly.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/urldna_bot/status/2054803961001939254"}],"labels":["phishing","scam"]},{"type":"indicator","spec_version":"2.1","id":"indicator--3c974e11-2703-50fe-8a25-33b449c49d9e","created":"2026-05-14T06:06:00.000Z","modified":"2026-05-14T06:06:00.000Z","valid_from":"2026-05-14T06:06:00.000Z","name":"194.163.148.133","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '194.163.148.133']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054805615269298684"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--2d5336b3-34a5-5c72-b96a-b12aa197562f","created":"2026-05-14T06:06:00.000Z","modified":"2026-05-14T06:06:00.000Z","valid_from":"2026-05-14T06:06:00.000Z","name":"892aa7559852a22b8bc7a38df7c2f2cdd866e4c28a8177d80df6190d2eb6a78b","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '892aa7559852a22b8bc7a38df7c2f2cdd866e4c28a8177d80df6190d2eb6a78b']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054805615269298684"}],"labels":["stealer"]},{"type":"indicator","spec_version":"2.1","id":"indicator--44da8abc-989e-5b37-9f57-f2cf025a62dd","created":"2026-05-14T06:11:00.000Z","modified":"2026-05-14T06:11:00.000Z","valid_from":"2026-05-14T06:11:00.000Z","name":"rqvzkqb.shbllgs.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'rqvzkqb.shbllgs.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054806822914232688"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--90b621dc-1602-50ed-ac69-2fd26b0a16fe","created":"2026-05-14T06:11:00.000Z","modified":"2026-05-14T06:11:00.000Z","valid_from":"2026-05-14T06:11:00.000Z","name":"https://rqvzkqb.shbllgs.cn/pkkjp/aenop/potyunde/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://rqvzkqb.shbllgs.cn/pkkjp/aenop/potyunde/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054806822914232688"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--8d4f3048-0623-5cf8-9c7f-c2e6b826f4ac","created":"2026-05-14T06:11:00.000Z","modified":"2026-05-14T06:11:00.000Z","valid_from":"2026-05-14T06:11:00.000Z","name":"login.ztjbbx.com","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'login.ztjbbx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054806913192542562"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--479de88d-3bc2-58d9-9258-a5dbe57191dd","created":"2026-05-14T06:11:00.000Z","modified":"2026-05-14T06:11:00.000Z","valid_from":"2026-05-14T06:11:00.000Z","name":"https://login.ztjbbx.com","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://login.ztjbbx.com']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054806913192542562"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--a552f54c-fb54-55f6-8b82-a96e78ba67bf","created":"2026-05-14T06:11:00.000Z","modified":"2026-05-14T06:11:00.000Z","valid_from":"2026-05-14T06:11:00.000Z","name":"35.219.141.232","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '35.219.141.232']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054806913192542562"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--b5d838f9-3389-54c6-8aff-6e732460c86b","created":"2026-05-14T06:14:00.000Z","modified":"2026-05-14T06:14:00.000Z","valid_from":"2026-05-14T06:14:00.000Z","name":"172.239.129.158","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '172.239.129.158']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054807559404732926"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--c8996fe5-fdd0-5d2a-bd66-d670f6c74fbb","created":"2026-05-14T06:14:00.000Z","modified":"2026-05-14T06:14:00.000Z","valid_from":"2026-05-14T06:14:00.000Z","name":"8a24907655a03f0f8b4991cb22a07c4f9e16626260f6dbcc748fbb4dc4720508","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8a24907655a03f0f8b4991cb22a07c4f9e16626260f6dbcc748fbb4dc4720508']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054807559404732926"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--4e0d2148-eb2c-55fb-ba5a-c97f048e0820","created":"2026-05-14T06:14:00.000Z","modified":"2026-05-14T06:14:00.000Z","valid_from":"2026-05-14T06:14:00.000Z","name":"8f2e5ee9a87752e1b0626dd2bb754aaa2f9d8ef19d3ae448a06d3c38e647b6d0","description":"IOC reported by @Fact_Finder03 on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[file:hashes.'SHA-256' = '8f2e5ee9a87752e1b0626dd2bb754aaa2f9d8ef19d3ae448a06d3c38e647b6d0']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Fact_Finder03/status/2054807559404732926"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--7035da5c-f6f9-506f-89d8-292de6ca828c","created":"2026-05-14T06:19:00.000Z","modified":"2026-05-14T06:19:00.000Z","valid_from":"2026-05-14T06:19:00.000Z","name":"dsrzzi.jetgq.cn","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'dsrzzi.jetgq.cn']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054808764763734451"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--d7695193-008b-5d2c-a0a1-5d33f68909be","created":"2026-05-14T06:19:00.000Z","modified":"2026-05-14T06:19:00.000Z","valid_from":"2026-05-14T06:19:00.000Z","name":"https://dsrzzi.jetgq.cn/jkautixtf/londut/","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://dsrzzi.jetgq.cn/jkautixtf/londut/']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054808764763734451"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--14646d38-f535-505d-9544-5d0ec6d3ce49","created":"2026-05-14T06:19:00.000Z","modified":"2026-05-14T06:19:00.000Z","valid_from":"2026-05-14T06:19:00.000Z","name":"165.154.231.146","description":"IOC reported by @Metemcyber on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '165.154.231.146']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Metemcyber/status/2054808764763734451"}],"labels":["phishing"]},{"type":"indicator","spec_version":"2.1","id":"indicator--a5c850a1-fcd9-5097-8622-b61d7d7d450c","created":"2026-05-14T06:27:00.000Z","modified":"2026-05-14T06:27:00.000Z","valid_from":"2026-05-14T06:27:00.000Z","name":"sufesuzu.z7.web.core.windows.net","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[domain-name:value = 'sufesuzu.z7.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054810788477768053"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--53dc60b1-b4d7-5274-a01f-ab1049a0487b","created":"2026-05-14T06:27:00.000Z","modified":"2026-05-14T06:27:00.000Z","valid_from":"2026-05-14T06:27:00.000Z","name":"https://sufesuzu.z7.web.core.windows.net","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[url:value = 'https://sufesuzu.z7.web.core.windows.net']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054810788477768053"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--16422871-509b-5764-a4a7-f4193e37c81e","created":"2026-05-14T06:27:00.000Z","modified":"2026-05-14T06:27:00.000Z","valid_from":"2026-05-14T06:27:00.000Z","name":"171.252.225.139","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '171.252.225.139']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054810788477768053"}]},{"type":"indicator","spec_version":"2.1","id":"indicator--162040b9-a741-534c-af77-e7389df9757c","created":"2026-05-14T06:27:00.000Z","modified":"2026-05-14T06:27:00.000Z","valid_from":"2026-05-14T06:27:00.000Z","name":"20.60.131.1","description":"IOC reported by @Yurinoki_Yurin on Twitter/X.","indicator_types":["malicious-activity"],"pattern":"[ipv4-addr:value = '20.60.131.1']","pattern_type":"stix","pattern_version":"2.1","created_by_ref":"identity--96b9f522-7592-502b-a5f7-8fa59a268afd","object_marking_refs":["marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"],"external_references":[{"source_name":"twitter","url":"https://x.com/Yurinoki_Yurin/status/2054810788477768053"}]}]}