Malwar3Ninja | Threatview.io

310 Followers
22 Following
83 Posts

Malware Hunter | ⚡🆓Threat Intelligence: Threatview.io | Cyber Defense | DFIR | Views are personal | Reblogged≠endorsement | 🍺🥃 + Cigar

Happy to circulate malware information, feel free to tag

Website: Threatview.io
Twitter: Malwar3Ninja

[Threatview.io] Detection Tip:

If you see an IP/domain getting blocked with the reason “ET Threatview.io High Confidence Cobalt Strike C2” in your Suricata rules, you have blocked and detected #cobaltstrike in your network. Please do host analysis to understand the impact.

#threatfeeds
#dfir
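As an added illustration (not code from the Threatview.io post), a Python triage helper that reads Suricata EVE JSON alert lines, keeps only those that fired the signature quoted above, and lists which internal hosts need host analysis; the alert records and IP addresses below are constructed samples, not real indicators.

```python
import json
import ipaddress

# Signature name quoted in the Threatview.io detection tip.
CS_C2_SIGNATURE = "ET Threatview.io High Confidence Cobalt Strike C2"

# Constructed sample Suricata EVE JSON records (documentation/private IP ranges only).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-08-20T10:01:02.000000+0000","event_type":"alert","src_ip":"10.0.0.25","dest_ip":"203.0.113.77","dest_port":443,"alert":{"action":"blocked","signature":"ET Threatview.io High Confidence Cobalt Strike C2","severity":1}}',
    '{"timestamp":"2024-08-20T10:01:09.000000+0000","event_type":"alert","src_ip":"10.0.0.25","dest_ip":"203.0.113.77","dest_port":443,"alert":{"action":"blocked","signature":"ET Threatview.io High Confidence Cobalt Strike C2","severity":1}}',
    '{"timestamp":"2024-08-20T10:02:15.000000+0000","event_type":"alert","src_ip":"10.0.0.40","dest_ip":"203.0.113.77","dest_port":443,"alert":{"action":"blocked","signature":"ET Threatview.io High Confidence Cobalt Strike C2","severity":1}}',
    '{"timestamp":"2024-08-20T10:03:00.000000+0000","event_type":"alert","src_ip":"10.0.0.25","dest_ip":"198.51.100.9","dest_port":80,"alert":{"action":"allowed","signature":"ET INFO Example Unrelated Rule","severity":3}}',
    '{"timestamp":"2024-08-20T10:03:30.000000+0000","event_type":"flow","src_ip":"10.0.0.25","dest_ip":"198.51.100.9"}',
]


def hosts_to_triage(eve_lines, signature=CS_C2_SIGNATURE):
    """Return {internal_host: {"c2": set of remote IPs, "alerts": count, "first_seen": ts}}
    for alert events whose signature matches exactly.

    The internal host is taken to be the private (RFC 1918) side of the flow,
    so both outbound beacons and the rare inbound direction are attributed correctly."""
    triage = {}
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated/garbled log lines instead of aborting the whole triage
        if ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("signature") != signature:
            continue
        src, dst = ev["src_ip"], ev["dest_ip"]
        internal, remote = (src, dst) if ipaddress.ip_address(src).is_private else (dst, src)
        entry = triage.setdefault(internal, {"c2": set(), "alerts": 0, "first_seen": ev["timestamp"]})
        entry["c2"].add(remote)
        entry["alerts"] += 1
        entry["first_seen"] = min(entry["first_seen"], ev["timestamp"])  # same ISO format, so string order works
    return triage


if __name__ == "__main__":
    for host, info in hosts_to_triage(SAMPLE_EVE_LINES).items():
        print(f"{host}: {info['alerts']} C2 alert(s) to {sorted(info['c2'])}, first seen {info['first_seen']}")
```

Each host it lists is a candidate for the host analysis the tip asks for; the remote IPs are the C2 endpoints the beacon tried to reach.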

[Threatview.io]⚡️Glad to see #cobaltstrike detections based on IOCs detected by our scanner present in Suricata signatures - “ET Threatview.io High Confidence Cobalt Strike C2”

🚀 More new detection rules updated for c2 & #phishing

#dfirreport

https://thedfirreport.com/2024/08/26/blacksuit-ransomware/

BlackSuit Ransomware

Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor leveraged va…

The DFIR Report

[Threatview.io]⚡️Some domains likely used by #transparentTribe targeting #India


#threatintel
#dfir
#apt

[Threatview.io] We have now enabled rate limiting on our feed frequency - 2 requests for the same page in 10 seconds.

Someone started pulling our #threatfeeds every second; while we appreciate your dedication, please be considerate of frequency.

Serving the community with 🆓 High Fidelity Cyber Threat Feeds since 2019.

#threatintel
#threatintelligence

[Threatview.io] ⚡️Our proactive hunter detected an interesting host 193.26.115[.]34.

📍01 August 2024 - Host was flagged for hosting #AsyncRat C2 on VT

📍06 August 2024 - Host was infected with #redeemer #ransomware

🤔RDP brute-force of the C2 hoster / anti-forensics / plausible deniability?

#threatintel
#dfir

Happy #StarWars Day!!

Major updates

- New C2 variants added to community IP Blocklist
- New #Phishing domain signatures added to community Domain Blocklist
- Enhanced Twitter Crawler for #OSINT Feed
- New sources added to collection

🆓 All feeds available @ Threatview.io

#ThreatIntel
#CTI

[ Threatview.io ] 🌀 Malicious #phishing domain spotted themed for "Suspicious Activity Report Form 2024"

⚠️form-fincen-109[.]com

https://urlscan.io/result/f09f797e-96d9-4996-8121-02b839af797a/