OTX Bot<p>Ransomware Initial Access Brokers Exposed</p><p>An investigation into a brute-force attack on an exposed Remote Desktop server led to the discovery of a larger ransomware ecosystem, in particular its initial access brokers. The attack began with domain enumeration, followed by the compromise of an account from multiple IP addresses. The threat actor's unusual behavior of searching files for credentials prompted further investigation. Analysis of the IP addresses revealed connections to Hive ransomware and BlackSuit. Pivoting from TLS certificates uncovered a network of geographically distributed infrastructure sharing a pattern of domain names. The case highlights the importance of thorough analysis in incident response and provides insight into the operations and motivations of ransomware actors.</p><p>Pulse ID: 67f8e35978920244e783a62f<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67f8e35978920244e783a62f" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67f8e35978920244e783a62f</a><br>Pulse Author: AlienVault<br>Created: 2025-04-11 09:39:37</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/BruteForce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BruteForce</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/HiveRansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HiveRansomWare</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLS</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>