THREAT INTELLIGENCE CENTER

Advanced OSINT & Dark Web Monitoring Platform

147 Critical IOCs
Live Monitoring
Indicators of Compromise (IOCs)
Real-time threat intelligence feeds and malicious indicators
IP: 185.220.102.8

C2 Threat

CRITICAL

95% Confidence

First Seen

2024-08-15

Last Seen

2024-09-07

Description:

Command and control server for Cobalt Strike beacons. Associated with APT29 operations targeting government entities.

Intelligence Sources:

VirusTotal, AbuseIPDB, OTX AlienVault, Shodan

Related Campaigns:

APT29 Cozy Bear, Midnight Blizzard

Tags:

APT29, Cobalt Strike, C2, Government, Espionage

DOMAIN: secure-update-microsoft.com

Phishing Threat

HIGH

98% Confidence

First Seen

2024-09-01

Last Seen

2024-09-07

Description:

Malicious domain impersonating Microsoft to steal Office 365 credentials. Active phishing campaign with high success rate.

Intelligence Sources:

URLVoid, PhishTank, OpenPhish, Cisco Talos

Related Campaigns:

Business Email Compromise, Credential Harvesting

Tags:

Phishing, Microsoft, Credentials, BEC, Social Engineering

HASH: d41d8cd98f00b204e9800998ecf8427e

Ransomware Threat

CRITICAL

92% Confidence

First Seen

2024-08-20

Last Seen

2024-09-05

Description:

LockBit 3.0 ransomware payload. Targets Windows systems with double extortion tactics. Encrypts files and steals sensitive data.

Intelligence Sources:

Hybrid Analysis, VirusTotal, MalwareBazaar, ANY.RUN

Related Campaigns:

LockBit 3.0, Black Basta

Tags:

Ransomware, LockBit, Double Extortion, Windows, Encryption