{
	"id": "87a399e1-dda3-4f2e-a10a-03e61505d655",
	"created_at": "2026-04-06T00:08:39.419699Z",
	"updated_at": "2026-04-10T13:11:30.807768Z",
	"deleted_at": null,
	"sha1_hash": "783d678f770fc6b7c894730810cb8826f93900f2",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 240165,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy Kevin1230san\r\nArchived: 2026-04-05 22:45:58 UTC\r\nAuthor Url\r\n20 Subscribers\r\nAuthor Url\r\n374,021 Subscribers\r\nAuthor Url\r\n841 Subscribers\r\nAuthor Url\r\n480 Subscribers\r\nAuthor Url\r\n480 Subscribers\r\nAuthor Url\r\n841 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:vendetta\r\nPage 1 of 6\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to\r\nmore than 1.5 million customers across the globe, and offers a wide range of products and services.\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:vendetta\r\nPage 2 of 6\n\n17 Subscribers\r\n20 Subscribers\r\nAuthor Url\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:vendetta\r\nPage 3 of 6\n\nVendetta New Threat Actor from Europe\r\nFileHash-MD5: 3 | FileHash-SHA256: 20 | URL: 1\r\nStarting in April this year, 360 Baize Lab intercepted a large number of attack samples from an unknown hacker\r\norganization. The hacker organization sent a phishing email to the victim by forging a police station investigation\r\nletter, COVID-19 detection notice, etc. , Through the backdoor virus to control the victim’s machine, steal\r\nvaluable sensitive data related to the target. The PDB path of the virus samples used by the organization points to\r\na user named \"Vendetta\", and we will later also name the hacker organization Vendetta.\r\n374,021 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:vendetta\r\nPage 4 of 6\n\n12 Subscribers\r\nAuthor Url\r\n1,344 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:vendetta\r\nPage 5 of 6\n\nSource: https://otx.alienvault.com/browse/pulses?q=tag:vendetta\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:vendetta\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:vendetta"
	],
	"report_names": [
		"pulses?q=tag:vendetta"
	],
	"threat_actors": [
		{
			"id": "3a0cfbbc-2acf-4cc8-afe1-1859679c522c",
			"created_at": "2022-10-25T16:07:24.373716Z",
			"updated_at": "2026-04-10T02:00:04.963615Z",
			"deleted_at": null,
			"main_name": "Vendetta",
			"aliases": [
				"TA2719"
			],
			"source_name": "ETDA:Vendetta",
			"tools": [
				"AsyncRAT",
				"Atros2.CKPN",
				"Nancrat",
				"NanoCore",
				"NanoCore RAT",
				"ReZer0",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"RoboSki",
				"Socmer",
				"Zurten"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434119,
	"ts_updated_at": 1775826690,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/783d678f770fc6b7c894730810cb8826f93900f2.pdf",
		"text": "https://archive.orkl.eu/783d678f770fc6b7c894730810cb8826f93900f2.txt",
		"img": "https://archive.orkl.eu/783d678f770fc6b7c894730810cb8826f93900f2.jpg"
	}
}