{
    "id": "1808233",
    "ioc": "update-trellix.com",
    "ioc_type": "domain",
    "threat_type": "botnet_cc",
    "malware": "win.plugx",
    "malware_printable": "PlugX",
    "malware_alias": "Destroy RAT,Kaba,Korplug,Sogu,TIGERPLUG,RedDelta",
    "confidence_level": "49",
    "first_seen": "2026-05-08 08:00:00 UTC",
    "last_seen": null,
    "reporter": null,
    "reference": "https:\/\/www.sophos.com\/en-us\/blog\/donuts-and-beagles-fake-claude-site-spreads-backdoor",
    "threatfox_link": "https:\/\/threatfox\/ioc\/1808233",
    "tags": []
}