AlienVault OTX Threat Intelligence

Displaying page 9 of available threat intelligence pulses.

Total pulses: 7,648

LokiBot - C2 IP/Domain Tracker TLP:white
AlienVault
Command and control servers for LokiBot, a malware family known for delivering a Trojan that steals credentials and cryptocurrencies from the victim.
LokiBot
domain 172 hostname 21 URL 232
Created: Jun 10, 2022 2:20 PM Updated: May 21, 2025 6:18 AM
PrivateLoader - C2 IP/Domain Tracker TLP:amber
AlienVault
This pulse contains IOCs related to PrivateLoader C2 Infrastructure. Additions are automatically added based on threat intel.
URL 65 domain 7
Created: Jan 24, 2024 5:23 PM Updated: May 21, 2025 6:15 AM
Gootloader - C2 IP/Domain Tracker TLP:amber
AlienVault
This pulse contains IPs hosting Gootloader malware. Additions are automatically added based on OTX sandboxed samples.
gootloader Banker Trojan IAB
URL 60
Created: Oct 23, 2023 4:29 PM Updated: May 21, 2025 12:10 AM
Brand impersonation, online ads, and malicious merchants help purchase scam network prey on victims TLP:white
AlienVault
A network of 71 purchase scam websites has been identified, linked to 12 shared merchant accounts used for fraudulent transactions. The scams employ brand impersonation, online ads, and malicious merchants to target victims. The network, operational since February 2025, uses typosquatting and brand logo abuse to impersonate legitimate retailers. Transactions with the identified merchant accounts are likely fraudulent and facilitate card compromise. The network's attribution remains unclear, possibly controlled by a single actor or multiple actors collaborating through dark web services. Mitigation strategies for card issuers and merchant acquirers are provided to reduce financial fraud and compliance risks associated with these scams.
dark web services online ads typosquatting transaction laundering purchase scam +1 more
domain 68 hostname 3
Created: May 20, 2025 9:16 PM Updated: May 20, 2025 9:27 PM
New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada TLP:white
AlienVault
Nitrogen, a new ransomware strain identified in September 2024, has become a significant threat to organizations worldwide, particularly in the financial sector. It encrypts critical data and demands substantial payments for decryption, targeting industries such as finance, construction, manufacturing, and technology in the United States, Canada, and the United Kingdom. The ransomware's attack chain begins with malvertising campaigns on search engines, tricking users into downloading trojanized installers. It uses tools like Cobalt Strike and Meterpreter shells to establish persistence and move laterally within networks. Notable victims include SRP Federal Credit Union, Red Barrels, Control Panels USA, and Kilgore Industries. Nitrogen employs sophisticated tactics, including system reconnaissance, advanced evasion techniques, and exploitation of vulnerable drivers to disable security tools.
data exfiltration malvertising ransomware cobalt strike nitrogen +2 more
FileHash-MD5 1 FileHash-SHA1 1 FileHash-SHA256 2
Created: May 20, 2025 7:27 PM Updated: May 20, 2025 7:29 PM