Cyber Intelligence Insights

Mapping Remus Infostealer

Infrastructure mapping,EtherHiding C2,ASN analysis & blockchain pivoting (pt2)

Apr 30 • Vasilis Orlof

4

C2 in the Ether

Tracing Remus EtherHiding Infrastructure (pt1)

Apr 28 • Vasilis Orlof

7

3

2

December 2025

Christmas Tycoon

Tales from the phishing factory with over 1.9K domains

Dec 21, 2025 • Vasilis Orlof

3

October 2025

Intel Drops #4

Phishing kit targeting MS login pages

Oct 27, 2025 • Vasilis Orlof

5

1

1

Intel Drops #3

Malicious campaign impersonating Mexican government site

Oct 16, 2025 • Vasilis Orlof

2

Mapping latest Lumma infrastructure

C2, distribution & ASN clustering

Oct 13, 2025 • Vasilis Orlof

8

2

Intel Drops #2

Exposing Iran's APT Charming Kitten (allegedly)

Oct 6, 2025 • Vasilis Orlof

2

September 2025

A Stark connection

From Seychelles to Netherlands, a bulletproof hosting journey

Sep 2, 2025 • Vasilis Orlof

2

July 2025

Intel Drops #1

July phishing campaign

Jul 30, 2025 • Vasilis Orlof

7

2

Bulletproof Hosting Hunt

Connecting the dots from Lumma to Qwins Ltd (ASN 213702)

Jul 27, 2025 • Vasilis Orlof

12

1

June 2025

Lumma meets LolzTeam

Infostealers, traffers operations & the BASE34 group

Jun 22, 2025 • Vasilis Orlof

10

1

Cobalt on the weekends

One IP to 250 IoC - The Power of Pivoting

Jun 8, 2025 • Vasilis Orlof

4