A Practical Guide to Uncovering Malicious Infrastructure With Hunt.io

This guide demonstrates how to use Hunt.io to investigate and track malicious infrastructure. Starting with a single suspicious IP address, the process involves analyzing hosting providers, domain information, open ports, HTTP responses, and TLS certificates. The investigation reveals connections to potential cryptocurrency fraud and malware operations. By leveraging Hunt's scan data and SQL queries, a small cluster of related servers is identified, possibly linked to Latrodectus malware. The guide emphasizes the importance of persistence, pattern recognition, and correlating data from multiple intelligence sources to effectively track threat actor operations.

Pulse ID: 67e342d7a17ba37eb960497a
Pulse Link: https://otx.alienvault.com/pulse/67e342d7a17ba37eb960497a
Pulse Author: AlienVault
Created: 2025-03-25 23:57:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

This morning I spent some time debugging an app which logs as if it's AD 57203, to wit

{"level":20,"time":1742987150412,"pid":1, ...

$ date -r 1742987150412
Fri Jan 24 10:20:12 CET 57203

but it turns out the other instance (the one that works, as in the user is able to download files from there) has roughly the same time internally, so *that* was not its main problem.

Mind boggled, debugging to continue until *something* improves.

So after listening to your feedback, I agree: let’s spend that money in the EU to create a publicly-owned, free and open ACME-compatible certificate authority.

See post quoted below, with links to Tom’s work as he’s already been thinking/working on this.

#EU #ACME #TLS #security #LetsEncrypt #technologyCommons #SmallTech https://mamot.fr/@tdelmas/114224564125819333

Let’s Encrypt at risk from Trump cuts to OTF: “Let’s Encrypt received around $800,000 in funding from the OTF”

Dear @EUCommission, get your heads out of your arses and let’s find @letsencrypt €1M/year (a rounding error in EU finances) and have them move to the EU.

If Let’s Encrypt is fucked, the web is fucked, and the Small Web is fucked too. So how about we don’t let that happen, yeah?

(In the meanwhile, if the Let’s Encrypt folks want to make a point about how essential they are, it might be an idea to refuse certificates to republican politicians. See how they like their donation systems breaking in real time…)

CC @nlnet @NGIZero@mastodon.xyz

#USA #fascism #OpenTechFund #LetsEncrypt #SSL #TLS #encryption #EU #web #tech #SmallWeb #SmallTech https://mastodon.social/@publictorsten/114223873439053263

Merely saying 'We speak a secret tongue' is not enough. One's wizards must speak the appropriate tongue, and speak it only in a most cautious fashion. #cybersecurity #TLS https://cromwell-intl.com/cybersecurity/ssl-tls.html?s=mc

With the proper documents, any may pass and be trusted. #TLS #LetsEncrypt #Linux #OpenSource https://cromwell-intl.com/open-source/letsencrypt-tls-cert-godaddy.html?s=mc

Are you currently using #Cockpit with the builtin self-signed #TLS #certificate fallback? We would like to deprecate this, but need your input for that. Thank you in advance!

https://github.com/cockpit-project/cockpit/discussions/21695

By consulting the proper documents, one may speak a secure and secret tongue. #TLS #LetsEncrypt #OpenSource https://cromwell-intl.com/open-source/google-freebsd-tls/tls-certificate.html?s=mc

Learn the subtle battle language used in the realm of the clouds. #TLS #FreeBSD #GoogleCloud #OpenSource https://cromwell-intl.com/open-source/google-freebsd-tls/https-headers.html?s=mc

#TLS
Tadam ! Bientôt Let's Encypt pourra signer des certificats pour des adresses IP (et pas juste des noms). https://github.com/letsencrypt/boulder/pull/8020

Build a fortress in the realm of the clouds. #FreeBSD #GCP #GoogleCloud #OpenSource #TLS https://cromwell-intl.com/open-source/google-freebsd-tls/?s=mc

So, apparently, it is no longer possible to require #HTTPS client certificate authentication for a specific subtree when using #TLS 1.3, because renegotiation is no longer supported and there is no replacement protocol for “hey client, if you want to go in there, I'm gonna need to see your certificate first.”

Lovely. I was using that.

Send your messages with trusted couriers only. #Linux #FreeBSD #OpenSource #TLS https://cromwell-intl.com/open-source/sendmail-ssl.html?s=mc

#OpenSSL 3.3.3 (stable) has been released (#SSL / #TLS) https://openssl.org/

#OpenSSL 3.4.1 has been released (#SSL / #TLS) https://openssl.org/

I put together another summary of where we currently are with respect to Post-Quantum #Cryptography in the industry:

https://www.netmeister.org/blog/pqc-2025-02.html

More supply chain thoughts.

Let's Encrypt is based in the United States.

I wish authentication on the web worked like this:

- Every browser has one (or more) public key(s).
- The browser presents the public key to the server on request.
- A public key can be shared between browsers of the same user.
- To give your friend access to a web site, you simply ask for their public key.

I know there are passkeys and TLS client certificates, but all implementations are majorly flawed and half-assed in my opinion.

After Google stops trusting #TLS certificates from #Entrust they finally sell their public certificate business to #Sectigo

https://www.entrust.com/company/newsroom/entrust-sells-public-certificate-business-to-sectigo