{
	"id": "15e7bd3b-dc34-440d-bf14-365f536c655c",
	"created_at": "2026-04-06T00:11:52.684377Z",
	"updated_at": "2026-04-10T03:22:12.872955Z",
	"deleted_at": null,
	"sha1_hash": "898f2aabb7f6520613c23bad746e6560a1375d0e",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 356950,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy skocherhan\r\nArchived: 2026-04-05 21:04:07 UTC\r\nAuthor Url\r\nSality\r\nFileHash-MD5: 200 | FileHash-SHA1: 200 | FileHash-SHA256: 1000\r\n175 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:Sality\r\nPage 1 of 13\n\n134 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:Sality\r\nPage 2 of 13\n\nMirai • Neurotox Institute\r\nFileHash-MD5: 183 | FileHash-SHA1: 79 | FileHash-SHA256: 1442 | SSLCertFingerprint: 63 | URL: 511 |\r\nDomain: 471 | Email: 5 | Hostname: 198\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:Sality\r\nPage 3 of 13\n\nFound in peripheral. Lazarus. Related tomOperation Endgame. Strangely related to the entertainment industry. Related\r\nto treatments facilities where a target I’ve been researching received ‘care’. Also links to Major Entertainment\r\nconglomerate : not surprisingly Hall Render and Foundry. Page was stated to expire 11/21 | expired after I was able to\r\ncapture a live screenshot (not updated for years) [The Neurotoxin Institute (NTI) is a multidisciplinary organization\r\ncreated to serve as a comprehensive independent source of information related to the basic science and the clinical\r\napplications of neurotoxins. The Institute fosters the learning and teaching of both theory and practical techniques, and\r\nencourages further research in support of these goals. 
Experimental Biology (EB) www.aapmr.org]\r\n134 Subscribers\r\ndfirfanatic_IOC's\r\nCVE: 11 | FileHash-MD5: 3 | FileHash-SHA1: 3 | FileHash-SHA256: 6 | URL: 20 | Domain: 39 | Hostname: 12\r\n1 Subscribers\r\n九秀直播-高品质美女在线视频互动社区 - Malware packed | Botnet |Porn dumping affects\r\nCommunities\r\nCVE: 1 | FileHash-MD5: 671 | FileHash-SHA1: 641 | FileHash-SHA256: 1982 | SSLCertFingerprint: 17 | URL:\r\n4063 | Domain: 596 | Email: 3 | Hostname: 1097\r\n九秀直播-高品质美女在线视频互动社区 - Malware packed | Botnet | Porn dumping affects Communities | Packed.\r\nRussian linked YouTube channels that may none US or Canada, (unclear) Asian pornography dumping. Remotes\r\nphones. 
Spyware *can’t annotate #denver #mitm #advesaries #trojans #unix #linux #torrentinf #dumps #twiitter\r\n#listeners #spy || 2010382 Fake AV GET 2013149 RogueAntiSpyware.AntiVirusPro Checkin 2013178 Long Fake wget\r\n3.0 User-Agent\r\n134 Subscribers\r\nAuthor Url\r\n1,584 Subscribers\r\nAuthor Url\r\n2606:4700:3036::ac43:a8cb (2606:4700:3000::/42)\r\nCIDR: 2 | CVE: 1 | FileHash-MD5: 2 | FileHash-SHA1: 2 | FileHash-SHA256: 471 | URL: 870 | YARA: 163 |\r\nDomain: 47 | Email: 4 | Hostname: 148\r\nHere is a full set of words and phrases used by the BBC to describe the various types of ransomware that can be used to\r\ntarget victims of the Windows operating system, as well as the UK.\r\n122 Subscribers\r\nAuthor Url\r\nPolymodXT.exe\r\nFileHash-MD5: 414 | FileHash-SHA1: 410 | FileHash-SHA256: 1940 | URL: 171 | YARA: 759 | Domain: 134 |\r\nEmail: 4 | Hostname: 56\r\n122 Subscribers\r\nAuthor Url\r\nf83991c8-f2d9-5583-845a-d105034783ab\r\nCVE: 1 | FileHash-MD5: 12 | FileHash-SHA1: 11 | FileHash-SHA256: 17 | URL: 55 | YARA: 53 | Domain: 4 |\r\nHostname: 7\r\nhttps://www.virustotal.com/gui/file/e79f57b603370d4cd4ab1d757833995b89c7d79c9071c75d72c6d082ba0a7ea4/detection\r\nA chronology of key events in the history of the United States:-1.1-2 January 2020.. and 1 February 2021.. (c.9/11):.\r\n122 Subscribers\r\nThreat Intel Report - W03-2025\r\nCVE: 1 | FileHash-MD5: 12 | FileHash-SHA1: 12 | FileHash-SHA256: 13 | URL: 202 | Domain: 80 | Hostname: 85\r\nThis is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and\r\ntools. These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade\r\ntheir security infrastructure against newly identified threats and attacks in this week. 
Security is a continuous process,\r\nand it has to be reviewed and audited on a continuous manner through manual or automated tools. These details may be\r\nused as an additional layer to verify the current security posture of an organization against latest cyber trends\r\n105 Subscribers\r\nThreat Intel Report - W01-2025\r\nFileHash-MD5: 14 | FileHash-SHA1: 14 | FileHash-SHA256: 14 | URL: 165 | Domain: 74 | Hostname: 83\r\nThis is a cyber-advisory document, presenting the compiled cyber threat intelligence sourced from various channels and\r\ntools. These are weekly base recommendations to all IT Administrators and CISOs to take corrective actions to upgrade\r\ntheir security infrastructure against newly identified threats and attacks in this week.\r\n105 Subscribers\r\nAuthor Url\r\ncobalt_loader_unpacked.exe\r\nFileHash-MD5: 23 | FileHash-SHA1: 7 | FileHash-SHA256: 177 | IPv4: 38 | URL: 154 | YARA: 52 | Domain: 14 |\r\nEmail: 7 | Hostname: 58\r\nA guide to the Cobaltloader, a 32-bit executable for Windows, has been published by the University of Oxford.. and its\r\nwebsite is published on the same day as the release.\r\n122 Subscribers\r\nAuthor Url\r\nBlack Tech\r\nCIDR: 1 | CVE: 37 | FileHash-MD5: 2449 | FileHash-SHA1: 217 | FileHash-SHA256: 3441 | URL: 2044 | Domain:\r\n258 | Email: 4 | Hostname: 1100\r\nFound in a malicious Apple iTunes link. Lists several independent artists. Music \"producer\" is potentially highly\r\ndependent on use of AI generated instrumentation and conception. Hacking seems to target a single target and\r\nassociates.\r\n224 Subscribers\r\nAuthor Url\r\n224 Subscribers\r\nAuthor Url\r\n224 Subscribers\r\nAuthor Url\r\n1,584 Subscribers\r\nAuthor Url\r\n224 Subscribers\r\nAuthor Url\r\nSality found in DGA unspecified phishing campaign. 
Immigration\r\nFileHash-MD5: 339 | FileHash-SHA1: 329 | FileHash-SHA256: 1161 | SSLCertFingerprint: 2 | URL: 574 |\r\nDomain: 524 | Email: 9 | Hostname: 650\r\n•A domain generation algorithm (DGA) is a subroutine adversaries implement to dynamically identify a destination\r\ndomain for CnC traffic as opposed to usage of a list of static IP addresses or domains. Generates large numbers of new\r\ndomain names. Cybercriminals and botnet operators use (DGA) evading detection, generated volumes of domains \u0026 IP\r\naddresses for malware CnC servers. •Sality is an appending polymorphic file infector virus that uses an Entry Point\r\nObscuring (EPO) technique. Unlike other file infectors that modify the entry point of the host file to point to the virus\r\ncode, Sality.\r\n218 Subscribers\r\nAuthor Url\r\n218 Subscribers\r\nAuthor Url\r\n218 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:Sality",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:Sality"
	],
	"report_names": [
		"pulses?q=tag:Sality"
	],
	"threat_actors": [],
	"ts_created_at": 1775434312,
	"ts_updated_at": 1775791332,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/898f2aabb7f6520613c23bad746e6560a1375d0e.pdf",
		"text": "https://archive.orkl.eu/898f2aabb7f6520613c23bad746e6560a1375d0e.txt",
		"img": "https://archive.orkl.eu/898f2aabb7f6520613c23bad746e6560a1375d0e.jpg"
	}
}