Intel Reports

Activity Summary - Week Ending on 30 November 2023:

• Red Sky identified 26,305 connections from ‘new’ unique IP addresses
• HostRush 116x
• 29 ‘new’ Botnets hits
• Decoding the Past
• Rhysida Ransomware Group
• PSExec
• Palestine Hamas Hackers
• Denmark
• Singapore

Activity Summary - Week Ending on 23 November 2023:

• Red Sky identified 29,262 connections from ‘new’ unique IP addresses
• Amazon NoVa in Virginia hit 24x (2^nd week)
• 35 ‘new’ Botnets hits
• NoEscape Ransomware
• Infection Vector
• Victimology
• NoEscape IOCs

Activity Summary - Week Ending on 16 November 2023:

• Red Sky identified 27,491 connections from ‘new’ unique IP addresses
• Amazon NoVa in Virginia hit 24x
• 31 ‘new’ Botnets hits
• Predator AI
• Tkinter-based GUI
• The GPTj Class
• StealerBuilder
• CozyBear
• UK fa

Activity Summary - Week Ending on 9 November 2023:

• Red Sky identified 27,472 connections from ‘new’ unique IP addresses
• Hetzner Online GmbH hit 130x
• 29 ‘new’ Botnets hits
• macOS Malware
• r2 Platform
• 70 German municipalities
• S_it
• India - Education
• Suff

Activity Summary - Week Ending on 02 November 2023:

• Red Sky identified 27,522 connections from ‘new’ unique IP addresses
• Swiss Private Layer Inc. hit 697x
• 36 ‘new’ Botnets hits
• The Hype Cycle
• Bad Google Apps
• Israel Check Point
• US Stanford U.
• Akira G

Activity Summary - Week Ending on 26 October 2023:

• Red Sky identified 28,459 connections from ‘new’ unique IP addresses
• German Privax hit 42x
• 41 ‘new’ Botnets hits
• Supply Chain Attacks
• Starjacking and Typosquatting
• ClassPad
• NY Casinos and several He

Activity Summary - Week Ending on 19 October 2023:

• Red Sky identified 35,152 connections from ‘new’ unique IP addresses
• Montreal Cyber Co. hit 1,009
• 39 ‘new’ Botnets hits
• IZ1H9 Campaign
• CVE-2015-1187, CVE-2016-20017, CVE-2020-25506, and CVE-2021-453

Activity Summary - Week Ending on 12 October 2023:

• Red Sky identified 9,099 connections from ‘new’ unique IP addresses
• Demenin[.]het in Ukraine hit 1,808
• 24 ‘new’ Botnets hits
• NPM
• JavaScript
• PyPI
• Kenya Being Hit Hard
• Africa
• Johnson Controls

Activity Summary - Week Ending on 5 October 2023:

• 102 ‘new’ Botnets hits
• Sandman APT & LuaDream
• LuaJIT platform
• Embedded Lua VMs
• Metador
• The British Royals Hit
• European Union

Red Sky Alliance Botnet Tracker

On 4 October 2023, analysts identified 10

Activity Summary - Week Ending on 28 September 2023:

• Vimplecom hit in Russia
• 53 ‘new’ Botnets hits
• Transparent Tribe
• CapraRAT
• AndroRAT
• KNP Logistics - Akira
• Sisters Health System
• Russian Attacks
• Local US Municipalities

Red Sky Alliance Compromised

Activity Summary - Week Ending on 21 September 2023:

• Red Sky Alliance identified 561 connections from ‘new’ IP’s checking in with our Sinkholes
• Vimplecom hit
• 53 ‘new’ Botnets hits
• Digital Transformation
• Exposure Management
• ASM
• US Casinos being Attac

Activity Summary - Week Ending on 14 September 2023:

• Red Sky Alliance identified 766 connections from ‘new’ IP’s checking in with our Sinkholes
• Kyivstar[.]ua in Ukraine Hit 250x
• 135 ‘new’ Botnets hits
• MidgeDropper
• Complex Infection Chain
• Home to Wor

Activity Summary - Week Ending on 7 September 2023:

• Red Sky Alliance identified 933 connections from new IP’s checking in with our Sinkholes
• JPSP in Russia Hit Once
• 129 ‘new’ Botnets hits
• Project Discovery
• RCE Vulnerabilities
• Reverse Shell
• Adobe Col

Activity Summary - Week Ending on 31 August 2023:

• Red Sky Alliance identified 1,387 connections from new IP’s checking in with our Sinkholes
• Amazon Hit Only Twice
• 69 ‘new’ Botnets hits
• Whiffy Recon – New Smoke Loader
• DuoLingo Forum
• Akira Ransomware

Activity Summary - Week Ending on 24 August 2023:

• Red Sky Alliance identified 1,592 connections from new IP’s checking in with our Sinkholes
• MS – 48 Hits
• 64 ‘new’ Botnets hits
• Preparing for a Ransomware Attack
• DLL Highjacking
• Poland Attacks
• UK
• John

Activity Summary - Week Ending on 17 August 2023:

• Red Sky Alliance identified 1,677 connections from new IP’s checking in with our Sinkholes
• MS – 52 Hits
• 44 ‘new’ Botnets hits
• rs
• SYK Crypter
• German Attacks Down
• Wuhan Earthquake
• RedHotel

Link to ful

Activity Summary - Week Ending on 10 August 2023:

• Red Sky Alliance identified 1,785 connections from new IP’s checking in with our Sinkholes
• Hello Vienna – 91 Hits
• 244 ‘new’ Botnets hits
• Evolution of Ransomware
• Lockbit - Maze
• Volt Typhoon
• India - Gr

Activity Summary - Week Ending on 3 August 2023:

• Red Sky Alliance identified 2,493 connections from new IP’s checking in with our Sinkholes
• Linode[.]com hit 39x
• 99 ‘new’ Botnets hits
• Zyxel
• IoT
• China & Clouds
• Water Systems
• SCADA
• Field Instrumentation

Activity Summary - Week Ending on 27 July 2023:

• Red Sky Alliance identified 1,969 connections from new IP’s checking in with our Sinkholes
• Demenin B.V. hit 302x
• 143 ‘new’ Botnets hits
• Juypiter
• ASW Credential Attack
• Estée Lauder
• MOveIT, Black Cat and

Activity Summary - Week Ending on 20 July 2023:

• Red Sky Alliance identified 2,493 connections from new IP’s checking in with our Sinkholes
• Linode[.]com hit 39x
• 99 ‘new’ Botnets hits
• LokiBot
• Operation Pousada
• 2,146 cyber-attacks on 1 Company in India