About a year ago I started using services like Team Cymru SCOUT (and later others as well, Validin and Censys) to connect C2 IPs via the NetBIOS names they expose to the Internet (and thus to scanning services) over RDP or SMB.
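The pivot described above, as an added illustration that is not part of the original post: scan-derived host names (from RDP or SMB banners) are normalized, hosts sharing a name are clustered, and a known C2 IP is expanded to the other IPs carrying the same name. The records, IPs (documentation ranges) and names below are constructed; the field layout is an assumption, not the output format of SCOUT, Validin or Censys.

```python
from collections import defaultdict

# Constructed sample scan records (not real data). Each record is one
# observation of a host name from an Internet-wide scan, as one might
# export from a service like SCOUT, Validin or Censys (field names assumed).
SAMPLE_RECORDS = [
    {"ip": "203.0.113.10",  "port": 3389, "source": "rdp", "name": "WIN-7PQ2K3N8V4H"},
    {"ip": "203.0.113.10",  "port": 445,  "source": "smb", "name": "WIN-7PQ2K3N8V4H"},
    {"ip": "198.51.100.22", "port": 3389, "source": "rdp", "name": "win-7pq2k3n8v4h.localdomain"},
    {"ip": "198.51.100.23", "port": 445,  "source": "smb", "name": "WIN-7PQ2K3N8V4H"},
    {"ip": "192.0.2.5",     "port": 445,  "source": "smb", "name": "DESKTOP-ABC123"},
    {"ip": "192.0.2.6",     "port": 3389, "source": "rdp", "name": "SERVER"},
    {"ip": "192.0.2.7",     "port": 3389, "source": "rdp", "name": "SERVER"},
    {"ip": "192.0.2.8",     "port": 445,  "source": "smb", "name": ""},
]

# Names too common to be a useful pivot: sharing one of these says nothing
# about whether two hosts are related. Extend from your own scan data.
GENERIC_NAMES = {"SERVER", "WINDOWS", "WIN", "LOCALHOST", "WORKGROUP"}


def normalize_name(raw):
    """Uppercase the name, drop any DNS suffix, and reject empty or generic names."""
    name = raw.strip().split(".")[0].upper()
    if not name or name in GENERIC_NAMES:
        return None
    return name


def cluster_by_name(records):
    """Map each normalized host name to the sorted list of distinct IPs seen with it."""
    clusters = defaultdict(set)
    for rec in records:
        name = normalize_name(rec["name"])
        if name:
            clusters[name].add(rec["ip"])
    return {name: sorted(ips) for name, ips in clusters.items()}


def pivot_candidates(records, min_ips=2):
    """Names shared by at least min_ips distinct IPs: candidate links between hosts."""
    return {name: ips for name, ips in cluster_by_name(records).items()
            if len(ips) >= min_ips}


def expand_from_seed(records, seed_ip):
    """Given a known C2 IP, return the other IPs that share any of its host names."""
    related = set()
    for ips in cluster_by_name(records).values():
        if seed_ip in ips:
            related.update(ips)
    related.discard(seed_ip)
    return sorted(related)


if __name__ == "__main__":
    for name, ips in pivot_candidates(SAMPLE_RECORDS).items():
        print(f"{name}: {', '.join(ips)}")
    print("related to 203.0.113.10:", expand_from_seed(SAMPLE_RECORDS, "203.0.113.10"))
```

The generic-name list and the minimum cluster size are the two knobs that keep this from producing false links; a name that is unique per installation (the random `WIN-...` style) is a much stronger signal than a name an administrator is likely to reuse, so each cluster still needs a second pivot (certificate, ASN, timing) before it is treated as one actor's infrastructure.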
Unfortunately I have quite limited resources to work on this research (by myself) and wish for some kind of sharing and collaboration group to join efforts with others interested. The goal should be to track more TACs, TAs and TGs, "impose cost" (as Andrew Thompson would say 😉), and eventually (possibly) identify actors and involve LEA to ultimately lead to arrests of cyber criminals.
If you're interested in tracking threat activity clusters and researching C2 infrastructure, then I would be interested in hearing from you and invite you to join the sharing and collaboration group.
Connect with me on LinkedIn or Twitter (or via email or Slack if you find me there).
This is just a preliminary post that may get updated with some more details soon(-ish)™.