🚨New ransom group blog post!🚨
Group name: incransom
Post title: arbd.com
Info: https://cti.fyi/groups/incransom.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: incransom
Post title: altaortho.com
Info: https://cti.fyi/groups/incransom.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
Improved indicators: Venom RAT (+1), Amatera (+1), ACR Stealer (+2), PureRAT (+1), GuLoader (+1), ArcaneStealer (+1) and DCRat (+1). https://vuldb.com/?actor #apt #cti #ioc
🚨New ransom group blog post!🚨
Group name: handala
Post title: Israeli Weather Stations Crippled
Info: https://cti.fyi/groups/handala.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: handala
Post title: Full Access: Jerusalem’s Security Cameras in Handala’s Hands
Info: https://cti.fyi/groups/handala.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: play
Post title: Southern Concrete Construction
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: play
Post title: Serrano Industries
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: play
Post title: Infinity Systems
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: play
Post title: Helen Kaminski
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: play
Post title: Facilities USA
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
Indicators added for: Kinsing (+1), ValleyRAT (+1), GlassWorm (+2), Bashlite (+1), Sliver (+1), Vidar (+1) and Coinminer (+1). https://vuldb.com/?actor #apt #cti #ioc
🚨New ransom group blog post!🚨
Group name: play
Post title: Byard F Brogan
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: handala
Post title: Contact Handala
Info: https://cti.fyi/groups/handala.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
Wow, now I'm getting malware URLs via reverb.com - way to hand over a long-time threat intel person the IoCs
nothing on VT yet https://www.virustotal.com/gui/url/3086617690b3b089bff0dd7b96f0e389a57ad32630fd93b6a29d6cdc8256edfe/detection
Zero detections:
https://www.urlvoid.com/scan/matyshkazemlya.com/
scan failed 403 forbidden: https://sitecheck.sucuri.net/results/www.matyshkazemlya.com
https://urlquery.net/report/7840c1b4-791d-47d1-b531-4ac3b7fd0f92 redirects and is sinkholed via DNS4EU
Submitted to Pulsedive: https://pulsedive.com/indicator/?ioc=d3d3Lm1hdHlzaGthemVtbHlhLmNvbQ==
Showing a redirect to Google on checkphish (LOL)
https://app.checkphish.ai/public/insights/1772914041531/3086617690b3b089bff0dd7b96f0e389a57ad32630fd93b6a29d6cdc8256edfe
IoC:
www.matyshkazemlya [DOT] com
Message on Reverb.com:
Hey, I've been trying to buy your listing but keep getting a payment error. The site gave me a link with some info for the seller to check — www.matyshkazemlya [DOT] com Could you take a look? Mia Brown
#IR #incidentResponse #CTI #IOC #infosec #cyberz #cybersecurity #reverb
#suspectdomain #virustotal #pulsedive #URLvoid #threatIntel #ThreatIntelligence
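A small triage helper for the kind of check the post above walks through, added here as an example and not code from the poster or from any of the services named. It refangs the shared indicator (taken verbatim from the post) back into a real hostname, produces a defanged form for re-sharing, and builds the same lookup URLs the post links to: the Pulsedive indicator page (whose `?ioc=` parameter is the indicator in standard base64, which is why the output matches the Pulsedive link in the post) and the URLVoid scan page. The VirusTotal URL id is computed as the SHA-256 of the URL string, which is an assumption about how VirusTotal derives URL ids; the exact URL the poster submitted is not on the page, so that value is not checked against the post's link.

```python
import base64
import hashlib
import re

# Constructed input: the defanged indicator exactly as shared in the post above.
DEFANGED = "www.matyshkazemlya [DOT] com"


def refang(ioc: str) -> str:
    """Turn a human-defanged indicator back into a real hostname or URL.

    Handles the common conventions: [.], [DOT], (dot), hxxp:// and hxxps://.
    """
    s = ioc.strip()
    # "[.]", "[DOT]", "(dot)" with optional surrounding whitespace -> "."
    s = re.sub(r"\s*[\[\(]\s*(?:dot|DOT|\.)\s*[\]\)]\s*", ".", s)
    s = re.sub(r"^hxxps://", "https://", s, flags=re.IGNORECASE)
    s = re.sub(r"^hxxp://", "http://", s, flags=re.IGNORECASE)
    return s


def defang(ioc: str) -> str:
    """Inverse of refang: make an indicator safe to paste into chat or a post."""
    s = ioc.replace("https://", "hxxps://").replace("http://", "hxxp://")
    return s.replace(".", "[.]")


def pulsedive_indicator_url(host: str) -> str:
    # Pulsedive's indicator page takes the IoC as standard base64 in ?ioc=,
    # which is the form of the Pulsedive link in the post above.
    return "https://pulsedive.com/indicator/?ioc=" + base64.b64encode(host.encode()).decode()


def urlvoid_scan_url(host: str) -> str:
    # Same path layout as the URLVoid link in the post above.
    return f"https://www.urlvoid.com/scan/{host}/"


def virustotal_url_id(url: str) -> str:
    # Assumption: VirusTotal identifies a URL object by the SHA-256 of the URL string.
    return hashlib.sha256(url.encode()).hexdigest()


def triage_links(defanged: str) -> dict:
    """Refang a shared indicator and return the lookup links and a safe form to re-share."""
    host = refang(defanged)
    return {
        "host": host,
        "defanged": defang(host),
        "pulsedive": pulsedive_indicator_url(host),
        "urlvoid": urlvoid_scan_url(host),
        # Scheme and trailing slash are assumptions; VT ids change with the exact string.
        "virustotal_url_id_http": virustotal_url_id(f"http://{host}/"),
    }


if __name__ == "__main__":
    for key, value in triage_links(DEFANGED).items():
        print(f"{key}: {value}")
```

Keep the defanged form (not the refanged one) when pasting into tickets or posts so that nobody clicks through to the lure by accident; refang only at the point where a lookup actually needs the real hostname.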
Added some more indicators for: TinyNuke (+1), ACR Stealer (+7), Hook (+1), SmartLoader (+2), Orcus RAT (+1), MimiKatz (+1) and NetSupportManager RAT (+2). https://vuldb.com/?actor #apt #cti #ioc
🚨New ransom group blog post!🚨
Group name: handala
Post title: Handala New Telegram
Info: https://cti.fyi/groups/handala.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
Just borrow a tactic from the CTI industry and publish it in a static image pasted into a PDF report hidden behind a registration wall stored at a URL that vanishes during the next corporate merger.
🚨New ransom group blog post!🚨
Group name: termite
Post title: City of Huntington
Info: https://cti.fyi/groups/termite.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: play
Post title: T a Solberg
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec
🚨New ransom group blog post!🚨
Group name: play
Post title: Select Tool
Info: https://cti.fyi/groups/play.html
#ransomware #cti #threatintelligence #cybersecurity #infosec