{
	"id": "bd1145eb-1e08-466c-8294-8d6d6d298cad",
	"created_at": "2026-04-06T00:15:36.915609Z",
	"updated_at": "2026-04-10T13:12:57.093302Z",
	"deleted_at": null,
	"sha1_hash": "7a0905571120ceb310720aee4ad03915b4b48283",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 357235,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy arringtont\r\nArchived: 2026-04-05 18:49:29 UTC\r\nVajraSpy Android Spyware\r\nFileHash-MD5: 4 | FileHash-SHA1: 4 | FileHash-SHA256: 6\r\nA group known to engage in espionage operations has covertly installed malware, known as VajraSpy, on Android\r\nusers, according to researchers at ESET, who discovered the malware in the Google Play store.\r\n103 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TINYTYPHON\r\nPage 1 of 3\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to\r\nmore than 1.5 million customers across the globe, and offers a wide range of products and services.\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TINYTYPHON\r\nPage 2 of 3\n\n17 Subscribers\r\nMONSOON – ANALYSIS OF AN APT CAMPAIGN\r\nCVE: 4 | FileHash-SHA1: 60 | URL: 57 | Hostname: 20\r\nMONSOON is the name given to the Forcepoint Security Labs™ investigation into an ongoing espionage\r\ncampaign that the Special Investigations team have been tracking and analysing since May 2016. The overarching\r\ncampaign appears to target both Chinese nationals within different industries and government agencies in\r\nSouthern Asia. It appears to have started in December 2015 and is still ongoing as of July 2016. Amongst the\r\nevidence gathered during the MONSOON investigation were a number of indicators which make it highly\r\nprobable that this adversary and the OPERATION HANGOVER adversary are one and the same. These indicators\r\ninclude the use of the same infrastructure for the attacks, similar Tactics, Techniques and Procedures (TTPs), the\r\ntargeting of demographically similar victims and operating geographically within the Indian Subcontinent\r\n373,973 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:TINYTYPHON\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:TINYTYPHON\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:TINYTYPHON"
	],
	"report_names": [
		"pulses?q=tag:TINYTYPHON"
	],
	"threat_actors": [
		{
			"id": "ca292585-950c-400f-b632-c19fa3491fe1",
			"created_at": "2022-10-25T15:50:23.599765Z",
			"updated_at": "2026-04-10T02:00:05.417659Z",
			"deleted_at": null,
			"main_name": "MONSOON",
			"aliases": null,
			"source_name": "MITRE:MONSOON",
			"tools": [
				"TINYTYPHON",
				"BADNEWS",
				"Unknown Logger",
				"AutoIt backdoor"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "88854a9f-641a-4412-89db-449b4d5cbc51",
			"created_at": "2022-10-25T16:07:23.963599Z",
			"updated_at": "2026-04-10T02:00:04.810023Z",
			"deleted_at": null,
			"main_name": "Operation HangOver",
			"aliases": [
				"G0042",
				"Monsoon",
				"Operation HangOver",
				"Viceroy Tiger"
			],
			"source_name": "ETDA:Operation HangOver",
			"tools": [
				"AutoIt backdoor",
				"BADNEWS",
				"BackConfig",
				"JakyllHyde",
				"TINYTYPHON",
				"Unknown Logger",
				"WSCSPL"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bbf66d2d-3d20-4026-a2b5-56b31eb65de4",
			"created_at": "2025-08-07T02:03:25.123407Z",
			"updated_at": "2026-04-10T02:00:03.668131Z",
			"deleted_at": null,
			"main_name": "ZINC EMERSON",
			"aliases": [
				"Confucius ",
				"Dropping Elephant ",
				"EHDevel ",
				"Manul ",
				"Monsoon ",
				"Operation Hangover ",
				"Patchwork ",
				"TG-4410 ",
				"Viceroy Tiger "
			],
			"source_name": "Secureworks:ZINC EMERSON",
			"tools": [
				"Enlighten Infostealer",
				"Hanove",
				"Mac OS X KitM Spyware",
				"Proyecto2",
				"YTY Backdoor"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "c81067e0-9dcb-4e3f-abb0-80126519c5b6",
			"created_at": "2022-10-25T15:50:23.285448Z",
			"updated_at": "2026-04-10T02:00:05.282202Z",
			"deleted_at": null,
			"main_name": "Patchwork",
			"aliases": [
				"Hangover Group",
				"Dropping Elephant",
				"Chinastrats",
				"Operation Hangover"
			],
			"source_name": "MITRE:Patchwork",
			"tools": [
				"NDiskMonitor",
				"QuasarRAT",
				"BackConfig",
				"TINYTYPHON",
				"AutoIt backdoor",
				"PowerSploit",
				"BADNEWS",
				"Unknown Logger"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "cfdd350b-de30-4d29-bbee-28159f26c8c2",
			"created_at": "2023-01-06T13:46:38.433736Z",
			"updated_at": "2026-04-10T02:00:02.972971Z",
			"deleted_at": null,
			"main_name": "VICEROY TIGER",
			"aliases": [
				"OPERATION HANGOVER",
				"Donot Team",
				"APT-C-35",
				"SectorE02",
				"Orange Kala"
			],
			"source_name": "MISPGALAXY:VICEROY TIGER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434536,
	"ts_updated_at": 1775826777,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7a0905571120ceb310720aee4ad03915b4b48283.pdf",
		"text": "https://archive.orkl.eu/7a0905571120ceb310720aee4ad03915b4b48283.txt",
		"img": "https://archive.orkl.eu/7a0905571120ceb310720aee4ad03915b4b48283.jpg"
	}
}