Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware

An intrusion was observed in April 2026 where threat actors deployed EtherRAT malware through a malicious MSI installer disguised as a Sysinternals tool. The malware utilized Ethereum blockchain via EtherHiding for dynamic C2 configuration updates. Following reconnaissance activities, actors deployed TukTuk malware framework using DLL sideloading techniques with legitimate applications like Greenshot and SyncTrayzor. TukTuk established C2 channels through SaaS platforms including ClickHouse and Supabase, with backup channels via Ably, Dropbox, and GitHub Issues. The actors performed Kerberoasting, credential theft via Mimikatz and LSASS dumping, and deployed GoTo Resolve RMM tooling for lateral movement. Data exfiltration to Wasabi cloud storage was conducted using Rclone before deploying The Gentlemen ransomware domain-wide through a malicious GPO. The intrusion leveraged blockchain infrastructure, SaaS platforms, and decentralized services to evade traditional network defenses.

Pulse ID: 6a0200aec25a59a6b9d4edcf
Pulse Link: https://otx.alienvault.com/pulse/6a0200aec25a59a6b9d4edcf
Pulse Author: AlienVault
Created: 2026-05-11 16:15:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BlockChain #Cloud #CyberSecurity #Dropbox #EtherHiding #GitHub #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RansomWare #Rclone #SideLoading #UK #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange
*Tuta Drive: An Innovative Approach in the Cloud Storage Sector*
The newly developed cloud service Tuta Drive is currently in closed beta and offers users encrypted storage space.
{ #Szene #Google #Datenschutz #Dropbox #Angriff }
>> https://nydus.org/news/135655-tuta-drive-ein-innovativer-ansatz-im-cloud-speicher-sektor.html

I #DIDit again!

🗃️ I just pulled the plug on #Dropbox.

🗄️ As a replacement, I use various services depending on the use case, all of which are in German or European hands.
🖥️ Some of them I even run privately myself.

#DUT
#DID

#Dropbox cut its backend monorepo from 87GB → 20GB.📉

In collaboration with #GitHub, they fixed a massive bottleneck by optimizing Git delta compression.

The impact:
• Reduced clone times
• Improved CI performance
• Boosted developer velocity

Learn more 👉 https://bit.ly/3R9pSfZ

#InfoQ #SoftwareArchitecture #Git #Monorepo #Optimization

Attack Activity Analysis Using SSH+TOR Tunnels for Covert Persistence

APT-C-13 (Sandworm), also known as FROZENBARENTS, is a state-sponsored advanced persistent threat group conducting global cyber espionage targeting government agencies, diplomatic departments, energy enterprises, and research organizations. Recently detected samples reveal the group's use of nested SSH and TOR tunnel architecture to establish covert communication channels. The attack begins with spear-phishing emails delivering malicious LNK files disguised as PDF documents. Upon execution, the payload deploys TOR hidden services mapping internal ports (SMB/445, RDP/3389) to onion domains, while SSH services with public key authentication provide encrypted remote access. The malware employs obfs4 protocol to obfuscate TOR traffic, evading deep packet inspection. Persistence is achieved through scheduled tasks masquerading as legitimate applications like Opera GX and Dropbox, establishing an anonymous shadow management infrastructure for sustained intelligence collection.

Pulse ID: 69f06b1eeeb1fca735cb0bb8
Pulse Link: https://otx.alienvault.com/pulse/69f06b1eeeb1fca735cb0bb8
Pulse Author: AlienVault
Created: 2026-04-28 08:09:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Dropbox #Email #Espionage #Government #InfoSec #LNK #Malware #OTX #Onion #OpenThreatExchange #Opera #PDF #Phishing #RDP #SMB #SSH #Sandworm #SpearPhishing #Worm #bot #AlienVault


Starting to properly look into an alternative to #Dropbox or #OneDrive. I'm currently paying AU$109/year ($9/month) for my home Office subscription which includes a terabyte of OD space. Dropbox is $184/year ($15/mo) for 2TB of space. I currently have about 100GB of data to house.

Looks like it costs about AU$80/month to put 100GB of data on a webhost in Australia.

Can anyone suggest somewhere priced in between that'd let me use NextCloud or similar? Boosts and suggestions welcome. #AskFedi