{
	"id": "48725980-aea9-441b-b466-f6fa3ac30580",
	"created_at": "2026-04-06T01:30:39.623995Z",
	"updated_at": "2026-04-10T03:21:24.138469Z",
	"deleted_at": null,
	"sha1_hash": "87c77fdfddf7d1cf7391be0885d535c1d7cfb6a5",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31917,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy TheNewRaikage\r\nArchived: 2026-04-06 00:49:04 UTC\r\nFileHash-SHA256: 5 | IPv4: 1 | URL: 2 | Hostname: 1\r\nFor the past several weeks, Forcepoint Security Labs have been tracking a seemingly low-profile piece of malware\r\nwhich piqued our interest for a number of reasons: few samples appear to be available in the wild; there is no\r\nprevious documentation referring to the C2 domains and IP addresses it uses (despite the domains appearing to be\r\nat least twelve months old); and, if its compilation timestamps are to be trusted, the campaign itself may have been\r\nactive for at least six months before samples started to surface... The primary samples examined appear in the wild\r\nwith filenames mimicking that of Adobe\u0026#39;s Content Management System [1] and offers a range of commands\r\ntypical of Remote Access Tools: file upload, file download, file execution, and command execution.\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:Felismus\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:Felismus\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:Felismus"
	],
	"report_names": [
		"pulses?q=tag:Felismus"
	],
	"threat_actors": [],
	"ts_created_at": 1775439039,
	"ts_updated_at": 1775791284,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/87c77fdfddf7d1cf7391be0885d535c1d7cfb6a5.pdf",
		"text": "https://archive.orkl.eu/87c77fdfddf7d1cf7391be0885d535c1d7cfb6a5.txt",
		"img": "https://archive.orkl.eu/87c77fdfddf7d1cf7391be0885d535c1d7cfb6a5.jpg"
	}
}