{
    "id": "1808231",
    "ioc": "license.claude-pro.com",
    "ioc_type": "domain",
    "threat_type": "botnet_cc",
    "malware": "win.plugx",
    "malware_printable": "PlugX",
    "malware_alias": "Destroy RAT,Kaba,Korplug,Sogu,TIGERPLUG,RedDelta",
    "confidence_level": "49",
    "first_seen": "2026-05-08 07:59:59 UTC",
    "last_seen": "2026-05-11 17:10:40 UTC",
    "reporter": null,
    "reference": "https:\/\/www.sophos.com\/en-us\/blog\/donuts-and-beagles-fake-claude-site-spreads-backdoor",
    "threatfox_link": "https:\/\/threatfox\/ioc\/1808231",
    "tags": []
}