{ "id": "64ab848a-af99-4795-b58a-43e67620f687", "created_at": "2026-04-06T00:13:02.481269Z", "updated_at": "2026-04-10T03:37:17.219409Z", "deleted_at": null, "sha1_hash": "e6d2d75238b64992ed0fa8a72054ca75cb26c727", "title": "LevelBlue - Open Threat Exchange", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 33648, "plain_text": "LevelBlue - Open Threat Exchange\r\nArchived: 2026-04-05 22:48:42 UTC\r\nShow:\r\nAll\r\nSort:\r\nRecently Modified\r\nHttp failure response for https://otx.alienvault.com/otxapi/pulses/?limit=20\u0026page=1\u0026sort=-\r\nmodified\u0026q=tag:cozyduke: 429 Too Many Requests\r\nSort:\r\nMost Pulses\r\nSort:\r\nMost Members\r\nIndicators Search\r\nFilter by:\r\nReset Filters\r\nAll Time\r\nShow expired indicators\r\nIndicator Type\r\nAll (0)\r\nCIDR (0)\r\nCVE (0)\r\nDomain (0)\r\nEmail (0)\r\nFileHash-IMPHASH (0)\r\nFileHash-MD5 (0)\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:cozyduke\r\nPage 1 of 3\n\nFileHash-PEHASH (0)\r\nFileHash-SHA1 (0)\r\nFileHash-SHA256 (0)\r\nFilePath (0)\r\nHostname (0)\r\nIPv4 (0)\r\nIPv6 (0)\r\nMutex (0)\r\nNIDS (0)\r\nURI (0)\r\nURL (0)\r\nYARA (0)\r\nRole\r\nAdware\r\nBackdoor\r\nBruteforce\r\nCommand \u0026 Control\r\nDelivery Email\r\nDocument Exploit\r\nDomain Owner\r\nExploit Kit\r\nExploit Source\r\nFile Scanning\r\nHacking Tools\r\nHunting\r\nMacro Malware\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:cozyduke\r\nPage 2 of 3\n\nMalvertising\r\nMalware Hosting\r\nMemory Scanning\r\nPCAP Scanning\r\nPhishing\r\nRAT\r\nRansomware\r\nScanning Host\r\nTrojan\r\nUnknown\r\nWeb Attack\r\nWorm\r\nSort:\r\nRecently Modified\r\nSort:\r\nName Ascending\r\nSort:\r\nAscending\r\nSort:\r\nAscending\r\nNo results found for \"tag:cozyduke\" in Pulses\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:cozyduke\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:cozyduke\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://otx.alienvault.com/browse/pulses?q=tag:cozyduke" ], "report_names": [ "pulses?q=tag:cozyduke" ], "threat_actors": [ { "id": "20d3a08a-3b97-4b2f-90b8-92a89089a57a", "created_at": "2022-10-25T15:50:23.548494Z", "updated_at": "2026-04-10T02:00:05.292748Z", "deleted_at": null, "main_name": "APT29", "aliases": [ "APT29", "IRON RITUAL", "IRON HEMLOCK", "NobleBaron", "Dark Halo", "NOBELIUM", "UNC2452", "YTTRIUM", "The Dukes", "Cozy Bear", "CozyDuke", "SolarStorm", "Blue Kitsune", "UNC3524", "Midnight Blizzard" ], "source_name": "MITRE:APT29", "tools": [ "PinchDuke", "ROADTools", "WellMail", "CozyCar", "Mimikatz", "Tasklist", "OnionDuke", "FatDuke", "POSHSPY", "EnvyScout", "SoreFang", "GeminiDuke", "reGeorg", "GoldMax", "FoggyWeb", "SDelete", "PolyglotDuke", "AADInternals", "MiniDuke", "SeaDuke", "Sibot", "RegDuke", "CloudDuke", "GoldFinder", "AdFind", "PsExec", "NativeZone", "Systeminfo", "ipconfig", "Impacket", "Cobalt Strike", "PowerDuke", "QUIETEXIT", "HAMMERTOSS", "BoomBox", "CosmicDuke", "WellMess", "VaporRage", "LiteDuke" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434382, "ts_updated_at": 1775792237, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/e6d2d75238b64992ed0fa8a72054ca75cb26c727.pdf", "text": "https://archive.orkl.eu/e6d2d75238b64992ed0fa8a72054ca75cb26c727.txt", "img": "https://archive.orkl.eu/e6d2d75238b64992ed0fa8a72054ca75cb26c727.jpg" } }