𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲
@netresec.com
Experts in Network Forensics and Network Security Monitoring. Creators of #NetworkMiner, #CapLoader, PacketCache, #PolarProxy and RawCap.
Website: https://www.netresec.com/
Mastodon: @[email protected]
That's great! Long lived IOCs like that are golden.
November 10, 2025 at 9:56 AM
The boring answer is of course "it depends". But most incident responders would probably agree that a C2 IP address can be considered "old" when a couple of weeks have passed since it was last seen active.
November 6, 2025 at 3:59 PM
Agreed, real-world IOC decay/score varies depending on TA choices as well as the actions we take as defenders.
Fantastic that you like our ASCII Pyramid of Pain 😊
Here's a CC0 licensed copy-paste friendly version:
infosec.exchange/@netresec/11...
𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲 (@[email protected])
Here's a copy-paste friendly version of our ASCII Pyramid of Pain
License: CC0
```
,/\
,´V_-\ IOC Pyramid
,´\/-__-\ of Pain
,´\\/-_--_-\
,´\\\V_--TTP-_...
```
infosec.exchange
November 6, 2025 at 3:41 PM
IOCs from the blog post:
🔥 193.26.115.125:8883
🔥 purebase.ddns[.]net:8883
🔥 45.74.10.38:56001
🔥 139.99.83.25:56001
August 12, 2025 at 6:20 PM
Turns out this is Interlock RAT
malpedia.caad.fkie.fraunhofer.de/details/win....
Interlock (Malware Family)
According to Sekoia, this is the ransomware used by the Interlock ransomware intrusion set, which was first observed in September 2024 conducting Big Game Hunting and double extortion campaigns.
malpedia.caad.fkie.fraunhofer.de
June 24, 2025 at 7:07 PM
Correct link should be
darknetdiaries.com/episode/158/
MalwareTech – Darknet Diaries
MalwareTech was an anonymous security researcher, until he accidentally stopped WannaCry, one of the largest ransomware attacks in history. That single act of heroism shattered his anonymity and pulle...
darknetdiaries.com
May 6, 2025 at 12:27 PM
NetworkMiner automatically extracts EML files as well as attachments (here a jpg image) to disk when it parses emails in SMTP, POP3 or IMAP traffic.
May 6, 2025 at 6:25 AM
Yes! Wireshark's "Export Packet Bytes" feature can also be used to extract files inside of other data structures, such as attachments in emails.
May 6, 2025 at 6:16 AM
LOL, Greenland has been a part of the Kingdom of Denmark since before USA even existed as a country!
April 10, 2025 at 9:11 AM