#advancedipscanner

OTX Bot
<p>Hide Your RDP: Password Spray Leads to RansomHub Deployment</p>
<p>This report details a cyberattack where threat actors gained initial access through a password spray attack on an exposed RDP server. They used Mimikatz and Nirsoft for credential harvesting, and employed living-off-the-land techniques along with tools like Advanced IP Scanner for network discovery. The attackers utilized Rclone for data exfiltration via SFTP and deployed RansomHub ransomware across the network using SMB and remote services. The intrusion lasted six days, culminating in widespread encryption and ransom demands. Key phases included initial access, lateral movement, credential theft, data exfiltration, and ransomware deployment, demonstrating a sophisticated and multi-staged attack methodology.</p>
<p>Pulse ID: 6862dc349ae605bef0998ced<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6862dc349ae605bef0998ced" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6862d</span><span class="invisible">c349ae605bef0998ced</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-06-30 18:49:24</p>
<p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/AdvancedIPScanner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AdvancedIPScanner</span></a> <a href="https://social.raytec.co/tags/CredentialHarvesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialHarvesting</span></a> <a href="https://social.raytec.co/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Password</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RDP</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/Rclone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rclone</span></a> <a href="https://social.raytec.co/tags/SMB" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>SMB</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
ITSEC News
<p>The Stark Truth Behind the Resurgence of Russia’s Fin7 - The Russia-based cybercrime group dubbed “Fin7,” known for phishing and malware at... <a href="https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2024/07/th</span><span class="invisible">e-stark-truth-behind-the-resurgence-of-russias-fin7/</span></a> <a href="https://schleuss.online/tags/starkindustriessolutions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>starkindustriessolutions</span></a> <a href="https://schleuss.online/tags/russiaswaronukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>russiaswaronukraine</span></a> <a href="https://schleuss.online/tags/protectedpdfviewer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>protectedpdfviewer</span></a> <a href="https://schleuss.online/tags/advancedipscanner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advancedipscanner</span></a> <a href="https://schleuss.online/tags/neer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>neer</span></a>-do-wellnews <a href="https://schleuss.online/tags/bastionsecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bastionsecure</span></a> <a href="https://schleuss.online/tags/combisecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>combisecurity</span></a> <a href="https://schleuss.online/tags/spearphishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spearphishing</span></a> <a href="https://schleuss.online/tags/typosquatting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>typosquatting</span></a> <a href="https://schleuss.online/tags/malwarebytes" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>malwarebytes</span></a> <a href="https://schleuss.online/tags/webfraud2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webfraud2</span></a>.0 <a href="https://schleuss.online/tags/sublimetext" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sublimetext</span></a> <a href="https://schleuss.online/tags/zachedwards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zachedwards</span></a> <a href="https://schleuss.online/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://schleuss.online/tags/blackberry" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blackberry</span></a> #7-zip</p>
Not Simon
<p><strong>Huntress</strong> takes us on a step-by-step adventure to redownload a malicious file purporting to be Advanced IP Scanner from Google Ad malvertising. Other than the initial malicious website, no other IOC. 🔗 <a href="https://www.huntress.com/blog/analyzing-a-malicious-advanced-ip-scanner-google-ad-redirection" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">huntress.com/blog/analyzing-a-</span><span class="invisible">malicious-advanced-ip-scanner-google-ad-redirection</span></a></p>
<p><a href="https://infosec.exchange/tags/AdvancedIPScanner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AdvancedIPScanner</span></a> <a href="https://infosec.exchange/tags/malvertising" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malvertising</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a></p>