{
  "type": "Domain",
  "indicator": "amazonsolutions.cloud",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/amazonsolutions.cloud",
    "alexa": "http://www.alexa.com/siteinfo/amazonsolutions.cloud",
    "indicator": "amazonsolutions.cloud",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4006643578,
      "indicator": "amazonsolutions.cloud",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "676375f11f8dcb260e5b6a49",
          "name": "Hackers Weaponize Red Team Tools in RDP Campaigns",
          "description": "Hackers exploit Red Team tools in RDP attacks using TOR and VPNs for data theft.",
          "modified": "2025-01-18T01:04:35.888000",
          "created": "2024-12-19T01:25:05.633000",
          "tags": [
            "aws secure",
            "data exchange",
            "aws iam",
            "zero trust",
            "iam identity",
            "device security"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 187,
            "FileHash-MD5": 10,
            "FileHash-SHA1": 10,
            "FileHash-SHA256": 11
          },
          "indicator_count": 218,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 486,
          "modified_text": "456 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6762e8da1d130d081e30eb1c",
          "name": "Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks | Trend Micro (US)",
          "description": "Trend Vision One is a comprehensive and comprehensive platform for cybersecurity solutions designed for all sectors, from the healthcare industry to the manufacturing and healthcare sectors. \u00a31.5bn in sales worldwide.",
          "modified": "2025-01-17T15:01:34.109000",
          "created": "2024-12-18T15:23:06.433000",
          "tags": [
            "apt & targeted attacks",
            "latest news",
            "research",
            "learn",
            "earth koshchei",
            "trend micro",
            "october",
            "koshchei",
            "rdp campaign",
            "vision one",
            "pyrdp",
            "trend vision",
            "threat insights",
            "august",
            "alliance",
            "tools",
            "stop",
            "find",
            "ukraine",
            "hybrid",
            "small",
            "protect",
            "carriers",
            "attack",
            "rogue",
            "service",
            "virustotal",
            "suomi",
            "indonesia",
            "rdp"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Ukraine",
            "Netherlands",
            "Japan",
            "Australia"
          ],
          "malware_families": [
            {
              "id": "RDP",
              "display_name": "RDP",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1021",
              "name": "Remote Services",
              "display_name": "T1021 - Remote Services"
            }
          ],
          "industries": [
            "Military",
            "Foreign Affairs",
            "Diplomatic",
            "Energy",
            "Telecom",
            "Defense",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 2,
            "FileHash-MD5": 10,
            "FileHash-SHA1": 10,
            "FileHash-SHA256": 11,
            "domain": 187
          },
          "indicator_count": 220,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 848,
          "modified_text": "456 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6761c342090a79dee5f5f2b1",
          "name": "Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks | Trend Micro (US)",
          "description": "This report from Trend Micro analyzes a recent Earth Koshchei, an intrusion set supposedly attributed to Russia\u2019s Foreign Intelligence Service (SVR), campaign that gains initial access through phishing emails containing RDP configuration files. When victims open these files, a connection to a remote RDP server through one of the 193 RDP relays set up by Earth Koshchei is established. Then, the attackers use tools like Cobalt Strike and Metasploit to achieve persistence, lateral movement, and command and control within the target environment. The risks include unauthorized access, data exfiltration, and widespread compromise of systems. To mitigate these risks, cybersecurity professionals should implement multi-factor authentication (MFA) for RDP, restrict outbound RDP connections, monitor for unusual RDP-related prompts or traffic, educate users on identifying phishing attempts, and deploy endpoint detection tools to identify malicious activity and tool usage early in the attack chain.",
          "modified": "2025-01-16T17:04:57.148000",
          "created": "2024-12-17T18:30:26.392000",
          "tags": [
            "apt & targeted attacks",
            "latest news",
            "research",
            "learn",
            "earth koshchei",
            "trend micro",
            "october",
            "koshchei",
            "rdp campaign",
            "vision one",
            "pyrdp",
            "trend vision",
            "threat insights",
            "august",
            "alliance",
            "tools",
            "stop",
            "find",
            "ukraine",
            "hybrid",
            "small",
            "protect",
            "carriers",
            "attack",
            "rogue",
            "service",
            "virustotal",
            "suomi",
            "indonesia",
            "rdp",
            "data exchange",
            "aws secure",
            "zero trust",
            "aws iam",
            "amazon",
            "identity center",
            "ip address",
            "iam identity",
            "secure data",
            "target"
          ],
          "references": [
            "https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html",
            "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/l/earth-koshchei/IOClist-EarthKoshchei.txt"
          ],
          "public": 1,
          "adversary": "Earth Koshchei",
          "targeted_countries": [
            "Ukraine",
            "Netherlands",
            "Japan",
            "Australia"
          ],
          "malware_families": [
            {
              "id": "RDP",
              "display_name": "RDP",
              "target": null
            },
            {
              "id": "Cobalt Strike",
              "display_name": "Cobalt Strike",
              "target": null
            },
            {
              "id": "Metasploit",
              "display_name": "Metasploit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1102",
              "name": "Web Service",
              "display_name": "T1102 - Web Service"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1021",
              "name": "Remote Services",
              "display_name": "T1021 - Remote Services"
            }
          ],
          "industries": [
            "Military",
            "Foreign Affairs",
            "Diplomatic",
            "Energy",
            "Telecom",
            "Defense",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "eric.ford",
            "id": "42510",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 2,
            "FileHash-SHA256": 11,
            "domain": 187
          },
          "indicator_count": 200,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 131,
          "modified_text": "457 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "67615d383188177c071ba0bd",
          "name": "Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data Exfiltration",
          "description": "Researchers have identified the source of a series of attacks on the Earth Koshchei network, using data stored on a network known as the \"black hole\" or \"white hole\", as well as a number of other sites.\nIn a striking display of cyber sophistication, the advanced persistent threat (APT) group Earth Koshchei, also tracked as APT29 or Midnight Blizzard, has been linked to a massive rogue Remote Desktop Protocol (RDP) campaign.",
          "modified": "2025-01-16T11:03:28.820000",
          "created": "2024-12-17T11:15:04.830000",
          "tags": [
            "data exchange",
            "aws secure",
            "zero trust",
            "aws iam",
            "amazon",
            "identity center",
            "earth koshchei",
            "ip address",
            "iam identity",
            "secure data",
            "tools",
            "rogue",
            "target"
          ],
          "references": [
            "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/l/earth-koshchei/IOClist-EarthKoshchei.txt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 10,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunter_NL",
            "id": "171283",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 11,
            "domain": 187
          },
          "indicator_count": 198,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 847,
          "modified_text": "457 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6761543716a8c034207bba5b",
          "name": "Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data Exfiltration",
          "description": "Researchers have identified the source of a series of attacks on the Earth Koshchei network, using data stored on a network known as the \"black hole\" or \"white hole\", as well as a number of other sites.",
          "modified": "2025-01-16T10:03:45.698000",
          "created": "2024-12-17T10:36:39.668000",
          "tags": [
            "data exchange",
            "aws secure",
            "zero trust",
            "aws iam",
            "amazon",
            "identity center",
            "earth koshchei",
            "ip address",
            "iam identity",
            "secure data",
            "tools",
            "rogue",
            "target"
          ],
          "references": [
            "https://cybersecuritynews.com/hackers-leverage-red-team-tools-in-rdp-attacks/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "jacksparrow",
            "id": "142887",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 11,
            "domain": 187
          },
          "indicator_count": 198,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 36,
          "modified_text": "457 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6761543aba6b311bfb12dcd4",
          "name": "Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data Exfiltration",
          "description": "Researchers have identified the source of a series of attacks on the Earth Koshchei network, using data stored on a network known as the \"black hole\" or \"white hole\", as well as a number of other sites.",
          "modified": "2025-01-16T10:03:45.698000",
          "created": "2024-12-17T10:36:42.448000",
          "tags": [
            "data exchange",
            "aws secure",
            "zero trust",
            "aws iam",
            "amazon",
            "identity center",
            "earth koshchei",
            "ip address",
            "iam identity",
            "secure data",
            "tools",
            "rogue",
            "target"
          ],
          "references": [
            "https://cybersecuritynews.com/hackers-leverage-red-team-tools-in-rdp-attacks/"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "jacksparrow",
            "id": "142887",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 11,
            "domain": 187
          },
          "indicator_count": 198,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 36,
          "modified_text": "457 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/l/earth-koshchei/IOClist-EarthKoshchei.txt",
        "https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html",
        "https://cybersecuritynews.com/hackers-leverage-red-team-tools-in-rdp-attacks/"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Earth Koshchei"
          ],
          "malware_families": [
            "Cobalt strike",
            "Rdp",
            "Metasploit"
          ],
          "industries": [
            "Foreign affairs",
            "Telecommunications",
            "Diplomatic",
            "Telecom",
            "Defense",
            "Military",
            "Energy"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "676375f11f8dcb260e5b6a49",
      "name": "Hackers Weaponize Red Team Tools in RDP Campaigns",
      "description": "Hackers exploit Red Team tools in RDP attacks using TOR and VPNs for data theft.",
      "modified": "2025-01-18T01:04:35.888000",
      "created": "2024-12-19T01:25:05.633000",
      "tags": [
        "aws secure",
        "data exchange",
        "aws iam",
        "zero trust",
        "iam identity",
        "device security"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "cryptocti",
        "id": "110256",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 187,
        "FileHash-MD5": 10,
        "FileHash-SHA1": 10,
        "FileHash-SHA256": 11
      },
      "indicator_count": 218,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 486,
      "modified_text": "456 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6762e8da1d130d081e30eb1c",
      "name": "Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks | Trend Micro (US)",
      "description": "Trend Vision One is a comprehensive and comprehensive platform for cybersecurity solutions designed for all sectors, from the healthcare industry to the manufacturing and healthcare sectors. \u00a31.5bn in sales worldwide.",
      "modified": "2025-01-17T15:01:34.109000",
      "created": "2024-12-18T15:23:06.433000",
      "tags": [
        "apt & targeted attacks",
        "latest news",
        "research",
        "learn",
        "earth koshchei",
        "trend micro",
        "october",
        "koshchei",
        "rdp campaign",
        "vision one",
        "pyrdp",
        "trend vision",
        "threat insights",
        "august",
        "alliance",
        "tools",
        "stop",
        "find",
        "ukraine",
        "hybrid",
        "small",
        "protect",
        "carriers",
        "attack",
        "rogue",
        "service",
        "virustotal",
        "suomi",
        "indonesia",
        "rdp"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Ukraine",
        "Netherlands",
        "Japan",
        "Australia"
      ],
      "malware_families": [
        {
          "id": "RDP",
          "display_name": "RDP",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1021",
          "name": "Remote Services",
          "display_name": "T1021 - Remote Services"
        }
      ],
      "industries": [
        "Military",
        "Foreign Affairs",
        "Diplomatic",
        "Energy",
        "Telecom",
        "Defense",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 14,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 2,
        "FileHash-MD5": 10,
        "FileHash-SHA1": 10,
        "FileHash-SHA256": 11,
        "domain": 187
      },
      "indicator_count": 220,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 848,
      "modified_text": "456 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6761c342090a79dee5f5f2b1",
      "name": "Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks | Trend Micro (US)",
      "description": "This report from Trend Micro analyzes a recent Earth Koshchei, an intrusion set supposedly attributed to Russia\u2019s Foreign Intelligence Service (SVR), campaign that gains initial access through phishing emails containing RDP configuration files. When victims open these files, a connection to a remote RDP server through one of the 193 RDP relays set up by Earth Koshchei is established. Then, the attackers use tools like Cobalt Strike and Metasploit to achieve persistence, lateral movement, and command and control within the target environment. The risks include unauthorized access, data exfiltration, and widespread compromise of systems. To mitigate these risks, cybersecurity professionals should implement multi-factor authentication (MFA) for RDP, restrict outbound RDP connections, monitor for unusual RDP-related prompts or traffic, educate users on identifying phishing attempts, and deploy endpoint detection tools to identify malicious activity and tool usage early in the attack chain.",
      "modified": "2025-01-16T17:04:57.148000",
      "created": "2024-12-17T18:30:26.392000",
      "tags": [
        "apt & targeted attacks",
        "latest news",
        "research",
        "learn",
        "earth koshchei",
        "trend micro",
        "october",
        "koshchei",
        "rdp campaign",
        "vision one",
        "pyrdp",
        "trend vision",
        "threat insights",
        "august",
        "alliance",
        "tools",
        "stop",
        "find",
        "ukraine",
        "hybrid",
        "small",
        "protect",
        "carriers",
        "attack",
        "rogue",
        "service",
        "virustotal",
        "suomi",
        "indonesia",
        "rdp",
        "data exchange",
        "aws secure",
        "zero trust",
        "aws iam",
        "amazon",
        "identity center",
        "ip address",
        "iam identity",
        "secure data",
        "target"
      ],
      "references": [
        "https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html",
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/l/earth-koshchei/IOClist-EarthKoshchei.txt"
      ],
      "public": 1,
      "adversary": "Earth Koshchei",
      "targeted_countries": [
        "Ukraine",
        "Netherlands",
        "Japan",
        "Australia"
      ],
      "malware_families": [
        {
          "id": "RDP",
          "display_name": "RDP",
          "target": null
        },
        {
          "id": "Cobalt Strike",
          "display_name": "Cobalt Strike",
          "target": null
        },
        {
          "id": "Metasploit",
          "display_name": "Metasploit",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1102",
          "name": "Web Service",
          "display_name": "T1102 - Web Service"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1021",
          "name": "Remote Services",
          "display_name": "T1021 - Remote Services"
        }
      ],
      "industries": [
        "Military",
        "Foreign Affairs",
        "Diplomatic",
        "Energy",
        "Telecom",
        "Defense",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 11,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "eric.ford",
        "id": "42510",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_42510/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 2,
        "FileHash-SHA256": 11,
        "domain": 187
      },
      "indicator_count": 200,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 131,
      "modified_text": "457 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "67615d383188177c071ba0bd",
      "name": "Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data Exfiltration",
      "description": "Researchers have identified the source of a series of attacks on the Earth Koshchei network, using data stored on a network known as the \"black hole\" or \"white hole\", as well as a number of other sites.\nIn a striking display of cyber sophistication, the advanced persistent threat (APT) group Earth Koshchei, also tracked as APT29 or Midnight Blizzard, has been linked to a massive rogue Remote Desktop Protocol (RDP) campaign.",
      "modified": "2025-01-16T11:03:28.820000",
      "created": "2024-12-17T11:15:04.830000",
      "tags": [
        "data exchange",
        "aws secure",
        "zero trust",
        "aws iam",
        "amazon",
        "identity center",
        "earth koshchei",
        "ip address",
        "iam identity",
        "secure data",
        "tools",
        "rogue",
        "target"
      ],
      "references": [
        "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/l/earth-koshchei/IOClist-EarthKoshchei.txt"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 10,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunter_NL",
        "id": "171283",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 11,
        "domain": 187
      },
      "indicator_count": 198,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 847,
      "modified_text": "457 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6761543716a8c034207bba5b",
      "name": "Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data Exfiltration",
      "description": "Researchers have identified the source of a series of attacks on the Earth Koshchei network, using data stored on a network known as the \"black hole\" or \"white hole\", as well as a number of other sites.",
      "modified": "2025-01-16T10:03:45.698000",
      "created": "2024-12-17T10:36:39.668000",
      "tags": [
        "data exchange",
        "aws secure",
        "zero trust",
        "aws iam",
        "amazon",
        "identity center",
        "earth koshchei",
        "ip address",
        "iam identity",
        "secure data",
        "tools",
        "rogue",
        "target"
      ],
      "references": [
        "https://cybersecuritynews.com/hackers-leverage-red-team-tools-in-rdp-attacks/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "jacksparrow",
        "id": "142887",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 11,
        "domain": 187
      },
      "indicator_count": 198,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 36,
      "modified_text": "457 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6761543aba6b311bfb12dcd4",
      "name": "Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data Exfiltration",
      "description": "Researchers have identified the source of a series of attacks on the Earth Koshchei network, using data stored on a network known as the \"black hole\" or \"white hole\", as well as a number of other sites.",
      "modified": "2025-01-16T10:03:45.698000",
      "created": "2024-12-17T10:36:42.448000",
      "tags": [
        "data exchange",
        "aws secure",
        "zero trust",
        "aws iam",
        "amazon",
        "identity center",
        "earth koshchei",
        "ip address",
        "iam identity",
        "secure data",
        "tools",
        "rogue",
        "target"
      ],
      "references": [
        "https://cybersecuritynews.com/hackers-leverage-red-team-tools-in-rdp-attacks/"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "jacksparrow",
        "id": "142887",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 11,
        "domain": 187
      },
      "indicator_count": 198,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 36,
      "modified_text": "457 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "amazonsolutions.cloud",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "amazonsolutions.cloud",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776591549.036631
}