2026-05-14 RDP #Honeypot IOCs - 141 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.149.252.30 - 30
45.142.193.145 - 12
138.68.4.38 - 12

Top ASNs:
AS396982 - 36
AS135918 - 30
AS48721 - 15

Top Accounts:
Test - 30
hello - 30
Administr - 12

Top ISPs:
Google LLC - 36
AI-SOL - 30
Flyservers S.A. - 21

Top Clients:
Unknown - 141

Top Software:
Unknown - 141

Top Keyboards:
Unknown - 141

Top IP Classification:
Unknown - 84
hosting - 51
hosting & proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-14 RDP #Honeypot IOCs - 94 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.149.252.30 - 20
45.142.193.145 - 8
138.68.4.38 - 8

Top ASNs:
AS396982 - 24
AS135918 - 20
AS48721 - 10

Top Accounts:
Test - 20
hello - 20
Administr - 8

Top ISPs:
Google LLC - 24
AI-SOL - 20
Flyservers S.A. - 14

Top Clients:
Unknown - 94

Top Software:
Unknown - 94

Top Keyboards:
Unknown - 94

Top IP Classification:
Unknown - 56
hosting - 34
hosting & proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-14 RDP #Honeypot IOCs - 47 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
103.149.252.30 - 10
45.142.193.145 - 4
138.68.4.38 - 4

Top ASNs:
AS396982 - 12
AS135918 - 10
AS48721 - 5

Top Accounts:
Test - 10
hello - 10
Administr - 4

Top ISPs:
Google LLC - 12
AI-SOL - 10
Flyservers S.A. - 7

Top Clients:
Unknown - 47

Top Software:
Unknown - 47

Top Keyboards:
Unknown - 47

Top IP Classification:
Unknown - 28
hosting - 17
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

The story of one incident, or why you should not publish 1C

Hi everyone, this is the JetCSIRT DFIR team! We recently ran into a case where the attackers were detected in the early stages of the attack. They did not manage to reach impact, but they left plenty of traces, which gave us the opportunity to study their tactics, techniques, and procedures (TTPs) in action. We are ready to tell how it went and give recommendations for improving the level of security.

https://habr.com/ru/companies/jetinfosystems/articles/1035226/

#Ransomware #DFIR #1C #Forensics #information_security #malware #SOC #infosec

2026-05-13 RDP #Honeypot IOCs - 804 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
111.68.111.216 - 570
103.149.252.30 - 60
46.63.101.233 - 42

Top ASNs:
AS45773 - 570
AS135918 - 60
AS51784 - 42

Top Accounts:
hello - 702
Test - 36
Domain - 18

Top ISPs:
HEC - 570
AI-SOL - 60
X-city Customers and Private - 42

Top Clients:
Unknown - 804

Top Software:
Unknown - 804

Top Keyboards:
Unknown - 804

Top IP Classification:
Unknown - 762
hosting - 33
proxy - 6

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-13 RDP #Honeypot IOCs - 536 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
111.68.111.216 - 380
103.149.252.30 - 40
46.63.101.233 - 28

Top ASNs:
AS45773 - 380
AS135918 - 40
AS51784 - 28

Top Accounts:
hello - 468
Test - 24
Domain - 12

Top ISPs:
HEC - 380
AI-SOL - 40
X-city Customers and Private - 28

Top Clients:
Unknown - 536

Top Software:
Unknown - 536

Top Keyboards:
Unknown - 536

Top IP Classification:
Unknown - 508
hosting - 22
proxy - 4

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-13 RDP #Honeypot IOCs - 268 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
111.68.111.216 - 190
103.149.252.30 - 20
46.63.101.233 - 14

Top ASNs:
AS45773 - 190
AS135918 - 20
AS51784 - 14

Top Accounts:
hello - 234
Test - 12
Domain - 6

Top ISPs:
HEC - 190
AI-SOL - 20
X-city Customers and Private - 14

Top Clients:
Unknown - 268

Top Software:
Unknown - 268

Top Keyboards:
Unknown - 268

Top IP Classification:
Unknown - 254
hosting - 11
proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

As security alerts skyrocket and cloud infrastructure becomes the new normal, is the traditional Security Operations Center officially hitting its breaking point? 🔐 https://youtu.be/Pi7AMLDUHBM?si=KhtbvP9kc-IVT6KR

🎙️ In this live episode of the Security Boulevard Podcast recorded at Security Field Day, host Tom Hollingsworth is joined by analysts Jack Poller and Fernando Montenegro to dissect the massive shifts hitting SecOps.

#SecurityBoulevard #Cybersecurity #SecurityPodcast #SOC #XFD15

2026-05-12 RDP #Honeypot IOCs - 1833 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
111.68.111.216 - 1197
111.68.111.219 - 432
46.63.101.233 - 66

Top ASNs:
AS45773 - 1629
AS51784 - 66
AS14061 - 45

Top Accounts:
hello - 1755
Domain - 9
root - 6

Top ISPs:
HEC - 1629
X-city Customers and Private - 66
DigitalOcean, LLC - 45

Top Clients:
Unknown - 1833

Top Software:
Unknown - 1833

Top Keyboards:
Unknown - 1833

Top IP Classification:
Unknown - 1725
hosting - 105
hosting & proxy - 3

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security

2026-05-12 RDP #Honeypot IOCs - 1222 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec

Top IPs:
111.68.111.216 - 798
111.68.111.219 - 288
46.63.101.233 - 44

Top ASNs:
AS45773 - 1086
AS51784 - 44
AS14061 - 30

Top Accounts:
hello - 1170
Domain - 6
root - 4

Top ISPs:
HEC - 1086
X-city Customers and Private - 44
DigitalOcean, LLC - 30

Top Clients:
Unknown - 1222

Top Software:
Unknown - 1222

Top Keyboards:
Unknown - 1222

Top IP Classification:
Unknown - 1150
hosting - 70
hosting & proxy - 2

Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key

#CyberSec #SOC #Blueteam #SecOps #Security