{"items":[{"id":"malbaz-0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22","source":"malware-bazaar","category":"malware","severity":"high","title":"sport.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"9f86a462681b343125415cee2ce30624","sha1":"5aaffe2fd4ad738032bcf35b960b575a778a97fe","sha256":"0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:56Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/0671be8c3c90f4f70b4feef76edbf8f3fd8d8b9ceb191675b100912d70e82c22/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c","source":"malware-bazaar","category":"malware","severity":"high","title":"pace.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"54a8827f55792a6e0d3817e80ac2a318","sha1":"8b30ba6bca841026b199e955822b6459ad44d981","sha256":"6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:39Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/6a94e0e6917dac14fe32db0e46e328251ca2baa5551712ab5a9b6e008a0ebd6c/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634","source":"malware-bazaar","category":"malware","severity":"high","title":"Indeed.bat","description":"File type: bat | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"61a5049fb91d6a8b1659c267dd2d8713","sha1":"17d136a21801102060dabe962c0c7f472ab5d194","sha256":"6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634"}},"tags":["bat"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:30Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/6c403ed3119dae79cc5abf671489c6b1053ae5de11d249c74b3a9e9c01d86634/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd","source":"malware-bazaar","category":"malware","severity":"high","title":"ENJOY.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f65cf754c315bc223fda4dee8ebc9a02","sha1":"e315db400b398c97ebdd9c76c9437908b6214722","sha256":"e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:58:20Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/e178ec2c637f8340288d0928c5de1a852e5f6fdded6327cfb3fc2c752f0c88cd/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"threatfox-1796400","source":"threatfox","category":"threat-intel","severity":"critical","title":"payload_delivery: undefined","description":"https://infosec.exchange/@monitorsg/116451588423267418","indicators":{"cves":[],"ips":[""],"domains":[""],"urls":[""],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["ClearFake","StrelaStealer","Mirai","ClickFix","compromised","etherhiding","Polygon","Vidar","WordPress","SocGholish","Loki","storj",".NET","VDSINA","SmartLoader","Kongtuke","darkcomet","CobaltStrike","drb-ra","ProxyBox","Socks5 Systemz","ACR Stealer","Mozi","c2","r88vry","LokiBot","Android","banker","Kutxabank","NFCGate","NGate","Spain","Unicaja","ndroid","phish","22April2026","Commandline","Windows","AS199968","DarkCloud","Internet Domain Service BS Corp.","IWS NETWORKS LLC","subdomain","CastleLoader","finger-delivery","tcp79","trojan","ViriBack","RAT","ValleyRAT","RedLineStealer","Agentemis","Beacon","Cobalt Strike","cobeacon","RapidStealer","remcos","Gafgyt","ConnectBack","glassworm","Wave3","wallet-trojan","calendar-c2","infostealer stealer","opiusra","EnmityStealer","1xxbot","ArechClient","SectopRAT","Stealc","CinaRAT","Quasar RAT","QuasarRAT","Yggdrasil","BotManager","MaskGramStealer","21April2026","conhost-headless","finger-tcp79","fingerfix","win.fingerfix","AS15169","hak5","AS14618","AS14061","AS9123","cs-watermark-987654321","cs-watermark-100000","Fake Zoom","ScreenConnect","VBScript","Fake Microsoft Teams","Fake Adobe","SSA","ErrTraffic","Lumma","XWorm","GDrive","grpc","msi","NodeJS","TOR","NanoCore","dcrat","Steal","RemcosRAT","ExtRat","Xtreme RAT","AS24940","CHAOS","Hetzner Online GmbH","kimwolf","Discord","cs-watermark-666666","macOS","stealer","FrostStealer","etherhide","polygon-contract-stored-c2","20April2026","Fake-Claude","Nancrat","NanoCore RAT","PureHVNC","PureRAT","AS202412","jarm-cluster","Omegatech","cluster25","sliver","clickfix-cluster","phishing","AS8075","Microsoft Corporation","Supershell","EXT","Fake Claude","ACRStealer","OffLoader","AISURU","exe","DGA","valleyrat_s2","REMPROXY","CrystalX","DeepLoad","AS205775","NEON CORE NETWORK LLC","Bot Manager","pw-ryos","DDNS","Fake Adobe Reader","Fake DocuSign","payload","Fake Google Meet","cs-watermark-305419896","cs-watermark-666666666","cs-watermark-391144938","DarkCrystal RAT","18April2026","AS216084","itystealer","Kerem Uluboy","Access2.IT Network","AS208258","zabbix","AS64439","borz","RocketCloud.ru","honeypot","WebDav","botnet","controller","ssh","Amnesia Panel","Web Panel","NetSupport","asyncrat","garble","go","midie","sideload-asus","AS56971","AS56971 Cloud","UNAM","Amos","asar","atomic","wallet-injection","applescript","keystone-persistence","Loader","Vjw0rm","PhantomGate","SantaStealer","rmm","simplehelp","deerstealer","njrat","a10fsw","SHubStealer","Farfli","APT","kimsuky","DPRK","Lazarus","ESP","geo","GCleaner","SilentNet","17April2026","KermitRAT","Breut","Fynloski","klovbot","Remvio","Socmer","tofsee","IClickFix","NetSupport RAT","ZigClipper","domain","Lumma Stealer","Mirax","16April2026","infostealer","AS328543","Sun Network Company Limited","RedTigerStealer","WeedHack","Havoc","d0b0p","Lorikazz","AS932","XNNET LLC","SmartApeSG","AgingFly","UKR","odiznrio","Patchwork","cs-watermark-1234567890","quasar","dropped-by-vidar","exfil","FlagStealer","15April2026","apt"],"malwareFamily":"ClearFake","confidence":100,"publishedAt":"2026-04-23T02:56:34Z","fetchedAt":"2026-04-23T03:00:05.010Z","references":[{"url":"https://infosec.exchange/@monitorsg/116451588423267418","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116450645010297764","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/7e9a43686183b6cf6b9ac26c6c3de0176637799bf1b7ba348b31a7407cc3948a/","label":"ThreatFox","domainType":"primary"},{"url":"https://tria.ge/260422-y7xnvaew4k/behavioral2","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/613e5314a7ded3155cdec49fd34e852e181f4651d78bd8bf3adad2f4dbf22b0d/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/file/e494ce6af136876cba1adfe3f9d6e151f1dcf9a38059897cfb509e30e12b8c7b/detection","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116449703219645845","label":"ThreatFox","domainType":"other"},{"url":"https://tracker.viriback.com/index.php?q=mail.treysbeatend.com","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116448535265098838","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/35c37d6a-75d7-49b0-b74a-b08decf37ad9","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/ce1285f6f87bfc3c2a7f51f1f9f4829d94fed5504f9b892f7e2a62b6b4acf4bc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0f70443956f8340ec3a31ca44c34619a2ea1db1b07b68c06c5f4e72ae8581df8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7e8535101461b828c2d12888ab01fe2ead504d19c2e14c141ef029346bfe86d5/","label":"ThreatFox","domainType":"primary"},{"url":"https://codeberg.org/tip-o-deincognito/glassworm-writeup","label":"ThreatFox","domainType":"other"},{"url":"https://tria.ge/260422-mm74asc19k/behavioral1","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/217db70a30b60d6f855d9347251889c5c18ef895057619fb8480a31882c53ebe/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/e3d0fd2c-5aa2-462e-a704-bfb99c24dbf1","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/f2bfdd8e-687b-4dc7-96e1-3d37846c6710","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/778ca9816558ae85045ad676fd016bb7e0d586ff4b05a80472006c81180b0d4d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/34b7d8e96a8156c53299589e69aa8b4e353ac9554f7ea109b3c652e805f74f97/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116444745795503961","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/amanullahstorellc.com","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116446151590680751","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/solostalking/status/2046806549813989463?s=20","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4804a8800007a70241a5e5b2e9f548d2cf56aa64800324a16818616950880945/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c23f8dd49136a471a5d6632272ecc09041efec0503716f8a3e513a4e8e9eee26/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4db60c88de6ae375433dc71b8fde1ff323ff5bc5425903a77324a321ac85029c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ac8ef75974a1e69c74855aea131206598a060feab1790282b8ca1c431058fe0/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bfaf3900078db99c433f5d6e1d58989ae2c7c5a81aabeebc4668a87a89790466/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116443576096335383","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/981083069928ba9c9ab6f5c00e08e39bce07449ef7415f58e962939edabdecd7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0a326c130fb55d6f158b793d4c1373aac4c5280bcd9d57f97d10ff7c4d2bd3c7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/abee9e2c579bed2a9169e1c0b0cfcf910a941ba7a3e556a7cbb9716a90616cbd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/543379e43bf62ccb4e702b46a5d37edc93ffe7fbc3c9a01efeb7ceee0ac96127/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/15887b4ba9168d51b22e75cf00a801787578e9d3d62064bd19bb8aed0afa3b90/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@netresec/116441345775251709","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/346627d7d58703c3da5b604372778175219e5f7f8c0998f742ebede838fa79e4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/cfa65056a9accc2678480771e25891733787cf1f0ac46727e2663ca8383e3795/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116438604768924087","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/17149906-1e74-4cdb-a523-8de8790384c2","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/07f008e9ebfb33b2ef8a7f9dcf1f27bed1687359eb321044db47f9ebf70ed129/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/frostapiv2.com/relations","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/motuariki_/status/2046158360928768268","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a1a15f6d3c172e29e991bcb274f6c47a2ee45614224ffbccfcec39113a3bd078/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/346edde3c594d4af0f607951ae38f21c8e5ad611419cc7c9e7a2e0c913896581/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e41f1af836b7573725758186407dbc21293186683e75582563f6760f8aac1a46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/be94ed15a50a3386f6ab466401d68faf13ead40a05f50c37f410414b57512d3c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a4b590be9e9c39b328b69285182e9b0c1dc742d8df854a147bf709a2b74b15c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3cdb760342bc041252efe74188ba8b106b10484a3638b0a2d33830016611a2c8/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4013853381bb2c28ddff061b1a208e886f2b52a31073cea40e4cdb5ec431d58b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/d4fd4b65aea6fdd1968fd59046265a5d636f58309c28e12044a3abf145014f78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c61c5222e298bf632c0f701da32d74c1e2830a56e1baef37cfb8d212540c516b/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c086065da56bda3b3654003d541b44f9721baec9894066768447d6c3841504ab/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c03060e63d3a3a16312ea4d15393c38901ec7239d7290bd30f6b266316bc0b1e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9b434276b0af0ea43fdf71a09ca7687c0a45254ba1a0955a1cf04372d69de36d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b8342acd2dde4b63d58b11bb83626aa61cd4a7ed33ba42df5eec4b3ad3e934df/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/269ef9fd26667dfcae57ae29f559a327de0327e37c2dd5887ed7a453f7a04a07/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/14871ed0de7fb24775a7c51fb6c88c68a02d31a07050612e457b7f2b66a06285/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0ef84c28fef31e4457241009cada38ee3ba37d7827b6755d046586d4e49159f4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/28b74e0919f0e8f08ca698f7d4c897ce345f0ad1f2752e29450d0ef4fe1eaeff/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437427332348292","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a63a4bef804fd6e29dfb03780c4b68d353b848d952573465d4a019b452c56e51/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116437337022892373","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9a824eccc370507893eb49881bc5222b0e76a439b78afabea228a08fb686e6aa/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/a111e77f244f7ced8fea48db8d7ea4648e0a12715b16de0e1473965084d65465/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6993b775414c63276857ea4ebb6798d8609724ebe9e661ad47d7adb7f554b0de/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/53ce6a4f580b7b9d572bb0cc6c1b9814c2538aabf58429e3f258548a54f0514a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3884ca8ff0e82370fc831f4b38c4e7004f474ae1a0087ff58b160d5082f031c2/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/56316afa7cc9642c064f64f1572f8e0c6a70f207f31229609670a6c4515624ca/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/673d15c65f3c65d8bf7518d2a47907a59c5f26a8dd08fb954107d162c1b3721f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/12eeb42b6c685304e9619f3988146b5a68db3fbe7f0ac28b1c5fda9481315c46/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/1b53dd85b7392738c1810b950552fda5c6b274c7dd2e5b731a1eb101e3946b78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/858787b627c6e7dec417e1082c6776f0f028930a5482e35fd7f2e3fd6ae9cc5a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f37e60e60a3e504f555444ced745e7224cc83625a29582d29217b8a4ab7341a4/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7fed823191f3c1381f63d43e74dee66f451c6cc6bcb1cf753996e13aaec7921d/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/edd7e88acbf5e866bf68fdb45d2dcb3fe19bb8c5014a4ddc65ff59703abd42da/","label":"ThreatFox","domainType":"primary"},{"url":"https://greedybear.honeynet.org","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/8d8b467cc8473f5a02df308943a7e87927d5e3c1b6f52f1916226a1687697c64/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/host/176.65.134.19/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/51a5a9e0f2f500a5f296cf3cfa45576bca995f0eeb5d4d263630902cd1c2fd73/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/BreakGlassIntel/status/2045300165330837575","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/a8f92e521b958cc8c702ee5eddfeb77b571de2b4c23f88de69949a419956432d/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/JAMESWT_WT/status/2045449296871321937","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/267b0b1dc0a99f9f3918f24f626518d23dde5e0caf1128f128f7857906e3ebf5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/e9564236bdaac13cb38601b461a76c1b497ae21c85f524cd6f623587101b20e9/","label":"ThreatFox","domainType":"primary"},{"url":"https://tria.ge/260418-glp87shv3s","label":"ThreatFox","domainType":"other"},{"url":"https://infosec.exchange/@monitorsg/116422799712820736","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/2762f3e0a56d62e70157c398626856befead49f0926ba921f478bb599f10e2f6/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c6e203c681d5ba9786a870a67b11dd784468a640816844c197a4b5a14a9bcf81/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/706bd2e1aac21fadfbcfe1e6639a6488c574f00b007e087718282c597bebf1c1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4828d141d7c6b23d0e150aa5e88b812edfaa80ed31fea8f7b6e960144e96f58f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bde2db917c40dba4f7d17cb508a3fe9d84e7b00453402c99db7929df7fa50e23/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/2907d74d4bb3ce573ed471b7ddd96f2c49c9dc2b7c7485940651cd9fc1542080/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9ffadd20c3946d7a635f48a91ab2ca00e6374ff05bf3ac9344e5d2758d3302ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/971fa32e2c385f679da4df0b303d2fc484b68d1a1131d77cd4815fc2285249ba/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/4686b6e4902d8a89e97eaa78b4513344537e8031da2fa2b31dad8df30496a3fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/753e3923f63b122a65c886aac5932670d0dcd5c46a4cc4f5292da5c0dbea73ce/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/7d4fa8546533a2bc077b20560cd7c32bc240c456c9606478f6253372e48c07fc/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f6ac3f6683fce33f2f376745b3f9dfe5e86d5d661c36c2ed8ae5a5f153f72c99/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/suyog41/status/2045093863812112734","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045099146856599584","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/K_N1kolenko/status/2045094677435584919","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/skocherhan/status/2044874869871906854","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/cyberwar_15/status/2044964550173409631","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/faaa4d005314440dfd7ed5fa2f522e1a2642f08ec3bf0c1e2779a39bf4268349/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/bf11196247528173195420fcac7cb78e58bec0af501e400f5830d82b9d031b67/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/6250f329e5f6311b857a7d6813269fb0f56d5916870dd0095cb7b87452f5592f/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/679ce9eb3e1bdba8ed58fa53690ae879ce50679be97fbc41e85cbb6a88bbeb0a/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/f9d4d9d8ba78742c1dfcc2d3ff38b13cdc2cba40843564b5919100601f23bad1/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/0c31586cd59ccfaf7fb8da14ae4aa28bd7300443b4e17a86aa59cfc921ecd62e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/fe93882d49c90278bd15c2b5f02a3d278e41b6c98604210cea167042cec509ea/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3e5d00fd22666970d708c6a0f8813f81689f21eb6e6d3ffbe01e19023562b630/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/eabd970c01299dc18e66e65a921b4d9045afd362771baeb0fa89e43257c4e4dd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/82f28b2ecc7158d827089712f84c664c124aa94fde9ea353608b22ee110d73d7/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/73f5db0b04dfff8274ecb96dc3c10c8d4819627a20110dc763123d6ed3421fa9/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116418783762985803","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/454850749d874755a8e1e43e5a128a9fa39ffe49f5ffdbe9f264b5997ccb039c/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/153a90a38f3fe20786de448bce120bcc89c0a00761a55b01783e9b8345b5cb78/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/3442ef237e4be9b964e7922253482cdbe557d9c8c44c519ea6fecf1725cdeead/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823884/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/9d176e2a1d21e4b368cd06adfb0f38629781d4b7ca6ed7b738efb0745e77fa22/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/c132d2a4a97ba28b95d212d9b4dba6b375fc73a3b52f0a5b72703ee380e29cc8/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/skocherhan/status/2044843064745681374","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/108bb28df7f64b83f8fda981664c6209a50cab9bb0eb13888410be30d2006bd6/","label":"ThreatFox","domainType":"primary"},{"url":"https://www.virustotal.com/gui/domain/friendlydomain.ru/relations","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/dd426a8f168871393bec760724228c0584e80519c5069b4969a663846afdb88e/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/aa589ef7e0ea27bed4ee87929117cfc5b28b68c343b3991209514db311c1a3ec/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/500f2453771722611010edab168211ad9eca0c0bf97936453855e8638e6d73fd/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/8e02b5ba983587779b3aeeaa2d50d9b2a965c578ec0a1242c58af34322d97e9f/","label":"ThreatFox","domainType":"primary"},{"url":"https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-04-13-LORIKAZZ-ANDROID-IOT.txt","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044765712481239082","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/6ad0f9685ddaf9f39d9543f83be82874e050455e0fc6f3d20481cf595e23f02d/","label":"ThreatFox","domainType":"primary"},{"url":"https://infosec.exchange/@monitorsg/116414303892382227","label":"ThreatFox","domainType":"other"},{"url":"https://cert.gov.ua/article/6288271","label":"ThreatFox","domainType":"other"},{"url":"https://therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services","label":"ThreatFox","domainType":"media"},{"url":"https://app.any.run/tasks/a365d025-2c6f-4ead-b419-e1285fcfcaae","label":"ThreatFox","domainType":"other"},{"url":"https://app.any.run/tasks/3d1280a9-8ba1-4f2e-aab9-213bb9639197","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/4bfd0b95c3baf8b621e009aec5b92344e4e236ebc12b34fad891d0a1996668c6/","label":"ThreatFox","domainType":"primary"},{"url":"https://x.com/500mk500/status/2044440829859643849","label":"ThreatFox","domainType":"other"},{"url":"https://x.com/salmanvsf/status/2044635908981604371","label":"ThreatFox","domainType":"other"},{"url":"https://bazaar.abuse.ch/sample/e9bf8b0cc4f99ab868fbdbf3e90a6adcb867a7041f6201007a7844414ba0cc55/","label":"ThreatFox","domainType":"primary"},{"url":"https://urlhaus.abuse.ch/url/3823147/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/b830f043076a12748b6a2dc0810ece85439ee77434d991ae7d84201b09ead756/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/ade9874ddc5fb64c27f3eecddeeabdddb4b62e341e1ec06f09fea29ac9e6baa5/","label":"ThreatFox","domainType":"primary"},{"url":"https://bazaar.abuse.ch/sample/9f9c4d0f6644abe7500325d2e387ff606a1d72f8d033bc164f984deee92d7d65/","label":"ThreatFox","domainType":"primary"},{"url":"https://clickfix.carsonww.com/domains/www.zeitdanach.ch","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.aircliniq.com","label":"ThreatFox","domainType":"other"},{"url":"https://clickfix.carsonww.com/domains/www.omnicoresolutions.net","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"malbaz-43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78","source":"malware-bazaar","category":"malware","severity":"high","title":"SIMPLY.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"7fe9f680efb8660345b340df5c58e179","sha1":"4bbf34b61d35d5e60f19b61732950b91d5c4f22d","sha256":"43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:53Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/43d206a3928e1d6445113250bee9b2f8b0568b062280d28af8b496a5e76d4b78/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00","source":"malware-bazaar","category":"malware","severity":"high","title":"roughly.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"cb3af8617b37c043b9935a19ee2d24c0","sha1":"4510fb16cad04daf8fab3f7b5d6077b75d447944","sha256":"7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:45Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/7d8cf5a10104f02491f52f8d7314c729d30cdb469f18ff8c2f0766faf11c2c00/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6","source":"malware-bazaar","category":"malware","severity":"high","title":"rail.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"f5612d481fc9e8c4a2b7ee7eb70c4dbb","sha1":"9fbc359d8cf4d07c86c3b809d01c4c4d7802b639","sha256":"4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:37Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/4f7d170b16f656a4bd09f5e1b8606eab8b8a5381a1230e2a716a01cc837c73f6/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144","source":"malware-bazaar","category":"malware","severity":"high","title":"Lunch.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"249dc8a9dc96ef5f65a96277e2e022e2","sha1":"a773c006c415ba353cf197f9e254999d3860dbce","sha256":"5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:28Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/5364a6db5cfb43f056be8dd0102124a425bd7b02c406b2f4af822b3e18106144/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8","source":"malware-bazaar","category":"malware","severity":"high","title":"Jump.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"9cff319d04fe3ad5b7afdaa1c33aaa08","sha1":"40147a62b1f6bdc19a9db059f1c896495f65e12e","sha256":"22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:20Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/22bdb406f852375a0dec9a309d923d39f3e38f7b465fb51ea0710d70b9eb3ba8/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402","source":"malware-bazaar","category":"malware","severity":"high","title":"Gold.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"13543fe2894ca8577f234c4641ae4890","sha1":"22d48c4483602f87e5d94764dc838cb403de31c0","sha256":"2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:46:11Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/2b9067eeb7909d5e78c83d9a37b379d6531a5b893d5a002b06c4f851edb1f402/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d","source":"malware-bazaar","category":"malware","severity":"high","title":"102214433.dll","description":"File type: exe | Reporter: seventh","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"da86876a180c98bde9151bb97bd82492","sha1":"c5bec0cb69878d2883067ec3760bfa0a4e8ebc37","sha256":"8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d"}},"tags":["exe","Generic"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:28:10Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/8057846b383074f436e035011f2b47ce14f4bdbf9b3d8146bdd3bfa47863ad0d/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.148.10.151","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.148.10.151","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.148.10.151"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.148.10.151","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-58.57.154.146","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 58.57.154.146","description":"Country: CN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["58.57.154.146"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/58.57.154.146","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-213.209.159.231","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 213.209.159.231","description":"Country: DE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["213.209.159.231"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/213.209.159.231","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-37.10.113.217","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 37.10.113.217","description":"Country: GB | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["37.10.113.217"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/37.10.113.217","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-66.132.172.157","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 66.132.172.157","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["66.132.172.157"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/66.132.172.157","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-152.32.182.165","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 152.32.182.165","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["152.32.182.165"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/152.32.182.165","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-88.214.25.121","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 88.214.25.121","description":"Country: DE | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["88.214.25.121"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/88.214.25.121","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-193.163.125.91","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 193.163.125.91","description":"Country: GB | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["193.163.125.91"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/193.163.125.91","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-195.178.110.26","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 195.178.110.26","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["195.178.110.26"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:01.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/195.178.110.26","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-222.239.251.12","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 222.239.251.12","description":"Country: KR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["222.239.251.12"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/222.239.251.12","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-64.62.156.203","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 64.62.156.203","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["64.62.156.203"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/64.62.156.203","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.148.10.147","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.148.10.147","description":"Country: NL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.148.10.147"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.148.10.147","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-167.172.126.69","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 167.172.126.69","description":"Country: US | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["167.172.126.69"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/167.172.126.69","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-45.40.57.23","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 45.40.57.23","description":"Country: IN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["45.40.57.23"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/45.40.57.23","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-2.57.122.197","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 2.57.122.197","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["2.57.122.197"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/2.57.122.197","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-174.138.29.13","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 174.138.29.13","description":"Country: SG | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["174.138.29.13"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/174.138.29.13","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-195.85.207.253","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 195.85.207.253","description":"Country: TR | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["195.85.207.253"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/195.85.207.253","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-92.118.39.196","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 92.118.39.196","description":"Country: RO | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["92.118.39.196"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/92.118.39.196","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-87.251.64.147","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 87.251.64.147","description":"Country: PL | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["87.251.64.147"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:17:00.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/87.251.64.147","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"abuseip-14.225.3.79","source":"abuse-ipdb","category":"ip-reputation","severity":"critical","title":"Malicious IP: 14.225.3.79","description":"Country: VN | ISP: unknown | Abuse score: 100%","indicators":{"cves":[],"ips":["14.225.3.79"],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":100,"publishedAt":"2026-04-23T02:16:59.000Z","fetchedAt":"2026-04-23T03:00:00.179Z","references":[{"url":"https://www.abuseipdb.com/check/14.225.3.79","label":"AbuseIPDB","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41243","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41243 — OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0…","description":"OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2…","indicators":{"cves":["CVE-2026-41243"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:19.040Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/siemvk/OpenLearn/commit/844b2a40a69d0c4911580fe501923f0b391313ab","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/siemvk/OpenLearn/security/advisories/GHSA-4rv3-hfh6-vqvm","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41211","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41211 — Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `download…","description":"Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A caller can supply `../` segments or an absolute path to escape the `VP_HOME/package_manager/<pm>/` c…","indicators":{"cves":["CVE-2026-41211"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.860Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/voidzero-dev/vite-plus/security/advisories/GHSA-33r3-4whc-44c2","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41208","source":"nvd","category":"vulnerability","severity":"critical","title":"CVE-2026-41208 — Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business.…","description":"Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server…","indicators":{"cves":["CVE-2026-41208","CVE-2026-41679"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":["rce"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.670Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/paperclipai/paperclip/security/advisories/GHSA-265w-rf2w-cjh4","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/paperclipai/paperclip/security/advisories/GHSA-68qg-g8mg-6pr7","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41206","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41206 — PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo…","description":"PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in…","indicators":{"cves":["CVE-2026-41206"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.533Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/ParzivalHack/PySpector/commit/3c9547157fc07396f22b26b3484a9a91eba98555","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ParzivalHack/PySpector/commit/4e279e078c53d760fd321ff9b698d683c65ccb8e","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-vp22-38m5-r39r","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41200","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41200 — STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) a…","description":"STIG Manager is an API and web client for managing  Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in `src/init.js` and `public/…","indicators":{"cves":["CVE-2026-41200"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.333Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/NUWCDIVNPT/stig-manager/security/advisories/GHSA-wg33-j3rv-jq72","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41197","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41197 — Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compat…","description":"Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructi…","indicators":{"cves":["CVE-2026-41197"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:18.127Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/noir-lang/noir/releases/tag/v1.0.0-beta.19","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/noir-lang/noir/security/advisories/GHSA-jj7c-x25r-r8r3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41196","source":"nvd","category":"vulnerability","severity":"unknown","title":"CVE-2026-41196 — Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0…","description":"Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the ser…","indicators":{"cves":["CVE-2026-41196"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:17.900Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41182","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-41182 — LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.…","description":"LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When…","indicators":{"cves":["CVE-2026-41182"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:16.123Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-rr7j-v2q5-chgv","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-41180","source":"nvd","category":"vulnerability","severity":"high","title":"CVE-2026-41180 — PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload…","description":"PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later writes using the decoded `req.params.uploadId`. In depl…","indicators":{"cves":["CVE-2026-41180"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:15.977Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/psi-4ward/psitransfer/commit/8b547bf3e09757122efa00aab90281e3915aa0c6","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/psi-4ward/psitransfer/releases/tag/v2.4.3","label":"security-advisories@github.com","domainType":"primary"},{"url":"https://github.com/psi-4ward/psitransfer/security/advisories/GHSA-533q-w4g6-5586","label":"security-advisories@github.com","domainType":"primary"}],"feedLabel":null},{"id":"nvd-CVE-2026-1923","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-1923 — The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Sc…","description":"The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscr…","indicators":{"cves":["CVE-2026-1923"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:16:15.737Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://plugins.trac.wordpress.org/changeset/3467694/social-rocket","label":"security@wordfence.com","domainType":"other"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d92fc04e-201e-4fc3-bbf0-4f2f3de3ee95?source=cve","label":"security@wordfence.com","domainType":"other"}],"feedLabel":null},{"id":"malbaz-95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036","source":"malware-bazaar","category":"malware","severity":"high","title":"Earn.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"4725d3cc859e5ce08ae392596b497485","sha1":"d85c25d7d0dc38a7f7ce101b38dd1fb140768404","sha256":"95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:15:55Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/95b620de060eaaedf521423892275b8fe6f635e720c9f294704d1f1df5b46036/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af","source":"malware-bazaar","category":"malware","severity":"high","title":"57E2D4450641AFB778B17A9348AE707F.exe","description":"File type: exe | Reporter: abuse_ch","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"57e2d4450641afb778b17a9348ae707f","sha1":"0e27a306c5405bdb305ff2a3e458f35340e11b4e","sha256":"ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af"}},"tags":["exe","Loki"],"malwareFamily":"Loki","confidence":null,"publishedAt":"2026-04-23T02:10:17Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/ebe53bdc9a171b425a091131e45c9119a8652b57fd00c08c8f7de300a32092af/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8","source":"malware-bazaar","category":"malware","severity":"high","title":"vpuuaqjs.dll","description":"File type: dll | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"53062a067d23ec46fba15b6d2cea672d","sha1":"12809654ca28bd7391d820ed34176755eb2561f4","sha256":"bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8"}},"tags":["dll"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:39Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/bc4398448cea0dce1a025b061145801b0ba27f7840f4298748ea9302408024b8/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b","source":"malware-bazaar","category":"malware","severity":"high","title":"perfect.ps1","description":"File type: ps1 | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"202a45a94c6484ea89330c2075842933","sha1":"f9a9f87ae46e1df10176caaa5e75a452f3226036","sha256":"4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b"}},"tags":["ps1"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:32Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/4f3ac17ca2c10d5129d7001d855b7ac073abccde991424cb2962a48ed3e8bb0b/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"malbaz-827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170","source":"malware-bazaar","category":"malware","severity":"high","title":"explorer.exe","description":"File type: exe | Reporter: BastianHein_","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":"95267bdaef5c91708ee495af88a5b395","sha1":"cc31c02ee881ea5927984f9e7f2ceebe2d47b571","sha256":"827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170"}},"tags":["exe"],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T02:07:26Z","fetchedAt":"2026-04-23T03:00:04.816Z","references":[{"url":"https://bazaar.abuse.ch/sample/827954fcfe9efbda35968d9f5928b12d75f9e5c8ea0026df19296ccc4623b170/","label":"MalwareBazaar","domainType":"primary"}],"feedLabel":null},{"id":"threatfox-1796370","source":"threatfox","category":"threat-intel","severity":"medium","title":"payload: undefined","description":"https://x.com/suyog41/status/2046592187606220864","indicators":{"cves":[],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[".NET","stage3","CLR-host","stage2","ClickFix","garble","go","EnmityStealer","finger-tcp79","fingerfix","win.fingerfix","finger-delivery","Mirax"],"malwareFamily":"Unknown malware","confidence":100,"publishedAt":"2026-04-23T01:03:34Z","fetchedAt":"2026-04-23T03:00:05.010Z","references":[{"url":"https://x.com/suyog41/status/2046592187606220864","label":"ThreatFox","domainType":"other"},{"url":"https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes","label":"ThreatFox","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6878","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of…","description":"A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be di…","indicators":{"cves":["CVE-2026-6878"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:47.233Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/zast-ai/vulnerability-reports/blob/main/bytedance/verl_rce.md","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795257","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359040","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359040/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null},{"id":"nvd-CVE-2026-6874","source":"nvd","category":"vulnerability","severity":"medium","title":"CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function…","description":"A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The exploit…","indicators":{"cves":["CVE-2026-6874"],"ips":[],"domains":[],"urls":[],"hashes":{"md5":null,"sha1":null,"sha256":null}},"tags":[],"malwareFamily":null,"confidence":null,"publishedAt":"2026-04-23T00:16:47.050Z","fetchedAt":"2026-04-23T03:00:26.085Z","references":[{"url":"https://github.com/August829/CVEP/issues/32","label":"cna@vuldb.com","domainType":"primary"},{"url":"https://vuldb.com/submit/795212","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359039","label":"cna@vuldb.com","domainType":"other"},{"url":"https://vuldb.com/vuln/359039/cti","label":"cna@vuldb.com","domainType":"other"}],"feedLabel":null}],"total":1334}