{
	"id": "fdfe7e48-f7d2-4476-abee-782e7546f7ec",
	"created_at": "2026-04-06T00:19:19.490744Z",
	"updated_at": "2026-04-10T03:26:40.119663Z",
	"deleted_at": null,
	"sha1_hash": "2ee2f3898efbf135ef9b7f0c60071df9d6904053",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 260185,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy bd.taylor\r\nArchived: 2026-04-05 16:51:58 UTC\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:msupdater\n\nMALICIOUS ACTIVITY | Related to Amadey 05-05-2025\r\nFileHash-MD5: 60 | FileHash-SHA1: 61 | FileHash-SHA256: 60 | URL: 5 | YARA: 1\n\nIf you want to create an interactive image, try Genially, a free online design and design app that lets you design, create and create interactive images for your friends, family and friends.\r\n26 Subscribers\r\n480 Subscribers\r\n480 Subscribers\r\n480 Subscribers\r\nThreat Profile: RedLine Infostealer\r\nFileHash-MD5: 308 | FileHash-SHA1: 308 | FileHash-SHA256: 307 | URL: 54 | Domain: 7 | Email: 1 | Hostname: 10\r\ninformation stealer, named RedLine Stealer by the author, was identified being delivered through spam email campaigns, the malware is offered for sale on Russian dark web forums and as a tiered subscription allowing threat actors to use the information stealer, subscribe at different costs and purchase different access levels. In addition to being a password stealer, RedLine has the capabilities to steal login information, autocomplete data, passwords, and credit card information from browsers.\r\n240 Subscribers\n\n354 Subscribers\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to more than 1.5 million customers across the globe, and offers a wide range of products and services.\n\n17 Subscribers\r\nWastedLocker (Malware Family)\r\nA new strain of ransomware known as WastedLocker has been detected by researchers at the University of California, San Francisco and the US National Security Agency (NSSA) in the United States.\r\n36 Subscribers\n\nMailto (Malware Family)\r\nMichigan was attacked by a Ransom Malware. They were shown evidence of data on their network that had been pulled from their system.\r\n44 Subscribers\r\n392 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:msupdater",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:msupdater"
	],
	"report_names": [
		"pulses?q=tag:msupdater"
	],
	"threat_actors": [
		{
			"id": "abd17060-62f6-4743-95e8-3f23c82cc229",
			"created_at": "2022-10-25T15:50:23.428772Z",
			"updated_at": "2026-04-10T02:00:05.365894Z",
			"deleted_at": null,
			"main_name": "Putter Panda",
			"aliases": [
				"Putter Panda",
				"APT2",
				"MSUpdater"
			],
			"source_name": "MITRE:Putter Panda",
			"tools": [
				"pngdowner",
				"3PARA RAT",
				"4H RAT",
				"httpclient"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "468b7acd-895c-4c93-b572-b42f4035b4d4",
			"created_at": "2023-01-06T13:46:38.265636Z",
			"updated_at": "2026-04-10T02:00:02.902436Z",
			"deleted_at": null,
			"main_name": "APT2",
			"aliases": [
				"MSUpdater",
				"4HCrew",
				"SearchFire",
				"TG-6952",
				"G0024",
				"PLA Unit 61486",
				"PUTTER PANDA"
			],
			"source_name": "MISPGALAXY:APT2",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434759,
	"ts_updated_at": 1775791600,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2ee2f3898efbf135ef9b7f0c60071df9d6904053.pdf",
		"text": "https://archive.orkl.eu/2ee2f3898efbf135ef9b7f0c60071df9d6904053.txt",
		"img": "https://archive.orkl.eu/2ee2f3898efbf135ef9b7f0c60071df9d6904053.jpg"
	}
}