#RAT

Jezbers #FBPR #FBPPR jezbers@metalhead.club
2026-02-04

Did anyone else notice the rat bottom right when Kemi Badenoch was interviewed by Peston?? #kemi #rat

2026-02-04

The Godfather of Ransomware? Inside Cartel Ambitions

DragonForce, a ransomware group that emerged in late 2023, has become a significant cyber threat. They employ a dual-extortion strategy, encrypting and exfiltrating data, and have targeted various sectors, particularly manufacturing and construction. The group offers a flexible ransomware-as-a-service platform with advanced features, supporting multiple platforms and encryption modes. DragonForce has announced a shift to a cartel model, allowing affiliates to create their own brands. They've also introduced automated registration for new affiliates and a 'Company Data Audit' service to enhance extortion campaigns. The group has engaged in conflicts with rival ransomware operations and claims to have formed a coalition with other major groups. While their connection to DragonForce Malaysia remains unsubstantiated, technical analysis reveals similarities with other ransomware families and sophisticated attack techniques.

Pulse ID: 698329eec78e99f19718ca7c
Pulse Link: otx.alienvault.com/pulse/69832
Pulse Author: AlienVault
Created: 2026-02-04 11:13:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Encryption #Extortion #InfoSec #Manufacturing #OTX #OpenThreatExchange #RAT #RCE #RansomWare #RansomwareAsAService #bot #AlienVault

2026-02-04

Anatomy of a Russian Crypto Drainer Operation

A major cybercriminal operation called Rublevka Team has generated over $10 million through cryptocurrency theft since 2023. The group employs a network of social engineering specialists who direct victims to malicious pages impersonating legitimate crypto services. Using custom JavaScript scripts, they trick users into connecting wallets and authorizing fraudulent transactions. Rublevka Team's infrastructure is fully automated, offering affiliates access to tools for launching high-volume scams. Their model poses a growing threat to cryptocurrency platforms and brands, with potential for reputational and legal risks. The group's agility in rotating domains and targeting lower-cost chains like Solana undermines traditional fraud detection efforts.

Pulse ID: 698364aade09c6acd9e673b9
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:24:26

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Java #JavaScript #NATO #OTX #OpenThreatExchange #RAT #Russia #SocialEngineering #bot #cryptocurrency #AlienVault

2026-02-04

Punishing Owl Attacks Russia: A New Owl in the Hacktivists' Forest

A new hacking group called Punishing Owl has emerged, targeting Russian critical infrastructure. Their first attack on December 12, 2025, compromised a Russian state security agency, leaking internal documents. The group used DNS manipulation, created fake subdomains, and sent phishing emails to the victim's partners. They employed a PowerShell stealer called ZipWhisper to exfiltrate browser data. Punishing Owl's attacks are politically motivated and focus exclusively on Russian targets, including government agencies, scientific institutions, and IT organizations. The group has established a presence on cybercriminal forums and social media, likely operating from Kazakhstan. Experts predict this group will continue to be a persistent threat in the Russian cyberspace.

Pulse ID: 698365328fd4c9202353787c
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:26:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #CyberSecurity #DNS #Email #Government #Hacktivist #InfoSec #Kazakhstan #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Russia #SocialMedia #ZIP #bot #AlienVault

2026-02-04

Compromised Routers, DNS, and a TDS Hidden in Aeza Networks

A shadow DNS network and HTTP-based traffic distribution system (TDS) hosted in Aeza International, a sanctioned bulletproof hosting company, has been discovered. The system compromises routers, altering their DNS settings to use shadow resolvers. These resolvers selectively modify responses, directing users to malicious content. The TDS incorporates a clever DNS trick to evade detection by security groups. The system, operational since mid-2022, appears to be run by a financially motivated actor in affiliate marketing. It has the potential to interfere with devices on the network, alter DNS records, and conduct adversary-in-the-middle operations. The threat actor's ability to control DNS resolution poses significant risks beyond delivering unwanted advertising.

Pulse ID: 69836533452882efd5edaa55
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:26:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #CyberSecurity #DNS #HTTP #InfoSec #OTX #OpenThreatExchange #RAT #bot #AlienVault

2026-02-04

New year, new sector: Targeting India's startup ecosystem

Transparent Tribe, also known as APT36, has expanded its targeting to include India's startup ecosystem, particularly those in the cybersecurity domain. The group is using startup-oriented themed lure material delivered via ISO container-based files to deploy Crimson RAT. This campaign deviates from their typical government and defense targets, suggesting a shift in strategy towards companies providing open-source intelligence services and collaborating with law enforcement agencies. The attack chain involves spear-phishing emails, malicious LNK files, and batch scripts to execute the Crimson RAT payload. The malware employs extensive obfuscation techniques and uses a custom TCP protocol for command and control communications. This activity demonstrates the group's adaptation of proven tooling for new victim profiles while maintaining its core behavioral tactics, techniques, and procedures.

Pulse ID: 69836c616757ccfa9dcad92c
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:57:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #Government #ICS #India #InfoSec #LNK #LawEnforcement #Malware #OTX #OpenThreatExchange #Phishing #RAT #RCE #SpearPhishing #TCP #TransparentTribe #bot #AlienVault

2026-02-04

AI-assisted cloud intrusion achieves admin access in 8 minutes

An AWS environment was targeted in a sophisticated attack, with the threat actor gaining administrative privileges in under 10 minutes. The operation showed signs of leveraging large language models for automation and decision-making. Initial access was obtained through credentials found in public S3 buckets, followed by rapid privilege escalation via Lambda function code injection. The attacker moved laterally across 19 AWS principals, abused Amazon Bedrock for LLMjacking, and launched GPU instances for potential model training. The attack involved extensive reconnaissance, data exfiltration, and attempts to establish persistence. Notable techniques included IP rotation, role chaining, and the use of AI-generated code.

Pulse ID: 69836c62efca44252227678d
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:57:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Amazon #Cloud #CodeInjection #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #RAT #bot #AlienVault

2026-02-04

Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia

A Chinese threat actor, Amaranth-Dragon, has been conducting highly targeted cyber-espionage campaigns against government and law enforcement agencies in Southeast Asia throughout 2025. The group swiftly exploited the CVE-2025-8088 vulnerability in WinRAR to deliver malicious payloads, including a custom loader and the Havoc C2 Framework. Their operations demonstrate sophisticated tactics, including geo-restricted command and control servers, use of legitimate hosting services, and a new Telegram-based remote access trojan. The campaigns coincide with significant local geopolitical events, increasing the likelihood of successful compromises. Technical analysis reveals similarities with APT-41, suggesting a possible connection or shared resources between the groups.

Pulse ID: 69836c632ca6c16f064a97d5
Pulse Link: otx.alienvault.com/pulse/69836
Pulse Author: AlienVault
Created: 2026-02-04 15:57:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #Chinese #CyberSecurity #Espionage #Government #ICS #InfoSec #LawEnforcement #OTX #OpenThreatExchange #RAT #RCE #RemoteAccessTrojan #Telegram #Trojan #Vulnerability #WinRAR #bot #cyberespionage #AlienVault

2026-02-04

I found a fluffy, squishy cushion #ラット #ファンシーラット #rat #rats #rodents #ratsOfFediverse

2026-02-04

"Together in Responsibility" („Gemeinsam in Verantwortung“): #SPD, #CDU and #Grüne make personnel decisions for the departments in #Dortmund through 2030. The SPD gets the treasury (Kämmerei) and the post of city director; the Lord Mayor takes culture under his own remit. Sharp criticism comes from #DieLinke.
#Politik #Rat #Verwaltung
nordstadtblogger.de/gemeinsam-

2026-02-04

A hilariously broken #remcos #rat at:

https://refaccionesalma\.com\.mx/cor/ENCRYPTED.ps1

app.any.run/tasks/3ab78a39-ee4

dumps aspnet_compiler.exe as remcos.exe 😅 Actual exe is fe2dcfff84a13a6ef8835a51a70d8d7b77e98635fbb2524f4fc03b5cb5f9a62a, c2 mrekuro.hopto\.org:5675

NYC apartment with flooding, rats, and roaches gets $800 rent hike

peertube.gravitywell.xyz/w/6kt

2026-02-04

Danger Bulletin: Cyberattacks Against Ukraine and EU Countries Using CVE-2026-21509 Exploit

UAC-0001 (APT28) has launched cyberattacks against Ukraine and EU countries exploiting the CVE-2026-21509 vulnerability in Microsoft Office products. The threat actor created malicious DOC files targeting government bodies and EU organizations. The attack chain involves WebDAV connections, COM hijacking, and the use of the COVENANT framework, which utilizes Filen cloud storage for command and control. The campaign began shortly after the vulnerability's disclosure, with multiple documents discovered containing similar exploits. The attackers employ sophisticated techniques to evade detection and maintain persistence, including disguising malicious files as legitimate Windows components and creating scheduled tasks.

Pulse ID: 6983549d1f4ab8a67c29cd5b
Pulse Link: otx.alienvault.com/pulse/69835
Pulse Author: AlienVault
Created: 2026-02-04 14:15:57

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APT28 #Cloud #CyberAttack #CyberAttacks #CyberSecurity #EU #Government #InfoSec #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #RAT #UK #Ukr #Ukraine #Vulnerability #Windows #bot #AlienVault

2026-02-04

Threat Intelligence | Analysis of Token Vesting Phishing Poisoning

A targeted attack on the macOS operating system, using a disguised AppleScript, has been uncovered by researchers at the Chainbase Lab and the SlowMist security team, who are working with them to identify the attackers.

Pulse ID: 69834660add8eb64927d7c1c
Pulse Link: otx.alienvault.com/pulse/69834
Pulse Author: CyberHunter_NL
Created: 2026-02-04 13:15:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Mac #MacOS #OTX #OpenThreatExchange #Phishing #RAT #bot #CyberHunter_NL

Hans 🙋‍♂️ yamuis@mastodon.nl
2026-02-04

Anything for power for Rat Jetten:

"Reconstruction of Jetten's failure and Yeşilgöz's right-wing 'coup'"

-> "What the Netherlands is now being presented as government policy is no vision for the future"

-> "No overarching vision on healthcare, social security, labour, security, nature, innovation, migration, integration, climate and solidarity"

-> "[..] clung to control, self-interest and idiotic speed."

(Via @Joop) #rat #glibber #holvat #drieclowns
bnnvara.nl/joop/artikelen/reco
