{
	"id": "8b33c691-c929-4b81-a25c-75bb6813f295",
	"created_at": "2026-04-06T00:15:53.91364Z",
	"updated_at": "2026-04-10T13:11:54.308139Z",
	"deleted_at": null,
	"sha1_hash": "61edf710aed653d427b9565d8baa0f63bd16afec",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 247130,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy CyberHunterAutoFeed\r\nArchived: 2026-04-05 12:40:51 UTC\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 1 of 8\n\n1,583 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 2 of 8\n\nOngoing Phishing Campaign Abusing Google Cloud Storage to Redirect Users to Multiple Scam\r\nPages\r\nDomain: 56 | Hostname: 2\r\nA recent analysis revealed an ongoing phishing campaign leveraging Google Cloud Storage infrastructure to\r\nredirect users to various scam sites, primarily hosted on the .autos top-level domain. A key aspect of this campaign\r\nis a centralized Google Cloud Storage page that functions as a traffic distribution hub. This page directs users to\r\nmultiple phishing sites based on predetermined campaign configurations, targeting victims with diverse scams\r\nincluding fake surveys, reward schemes, antivirus alerts, and false job offers.\r\n161 Subscribers\r\n1,583 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 3 of 8\n\n41 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 4 of 8\n\n1,583 Subscribers\r\nclone scoreblue\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 5 of 8\n\nCVE: 7 | FileHash-MD5: 3654 | FileHash-SHA1: 2282 | FileHash-SHA256: 4712 | URL: 886 | Domain: 333 |\r\nHostname: 831\r\n41 Subscribers\r\n1,583 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 6 of 8\n\nThreat Intel Report - W04-2026\r\nFileHash-MD5: 31 | FileHash-SHA1: 31 | FileHash-SHA256: 61 | URL: 457 | Domain: 8 | Hostname: 65\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 7 of 8\n\nThese are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade\r\ntheir security infrastructure against newly identified threats and attacks in the week.\r\n105 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\n1,583 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:NanoCore\r\nPage 8 of 8\n\nThreat Intel Report - W04-2026 https://otx.alienvault.com/browse/pulses?q=tag:NanoCore    \nFileHash-MD5: 31 | FileHash-SHA1: 31 | FileHash-SHA256: 61 | URL: 457 | Domain: 8 | Hostname: 65\n   Page 7 of 8",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:NanoCore"
	],
	"report_names": [
		"pulses?q=tag:NanoCore"
	],
	"threat_actors": [],
	"ts_created_at": 1775434553,
	"ts_updated_at": 1775826714,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/61edf710aed653d427b9565d8baa0f63bd16afec.pdf",
		"text": "https://archive.orkl.eu/61edf710aed653d427b9565d8baa0f63bd16afec.txt",
		"img": "https://archive.orkl.eu/61edf710aed653d427b9565d8baa0f63bd16afec.jpg"
	}
}