  • rdpsnitch@infosec.exchange
    2026-02-17 RDP #Honeypot IOCs - 1374 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    159.89.36.20 - 630
    164.90.188.53 - 510
    85.203.15.98 - 63
    Top ASNs:
    AS14061 - 1155
    AS62240 - 63
    AS396982 - 36
    Top Accounts:
    hello - 1230
    Test - 27
    Administr - 21
    Top ISPs:
    DigitalOcean, LLC - 1155
    Clouvider Limited - 63
    Google LLC - 36
    Top Clients:
    Unknown - 1374
    Top Software:
    Unknown - 1374
    Top Keyboards:
    Unknown - 1374
    Top IP Classification:
    hosting - 1227
    Unknown - 75
    mobile & hosting & proxy - 63
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • rdpsnitch@infosec.exchange
    2026-02-17 RDP #Honeypot IOCs - 916 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    159.89.36.20 - 420
    164.90.188.53 - 340
    85.203.15.98 - 42
    Top ASNs:
    AS14061 - 770
    AS62240 - 42
    AS396982 - 24
    Top Accounts:
    hello - 820
    Test - 18
    Administr - 14
    Top ISPs:
    DigitalOcean, LLC - 770
    Clouvider Limited - 42
    Google LLC - 24
    Top Clients:
    Unknown - 916
    Top Software:
    Unknown - 916
    Top Keyboards:
    Unknown - 916
    Top IP Classification:
    hosting - 818
    Unknown - 50
    mobile & hosting & proxy - 42
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • rdpsnitch@infosec.exchange
    2026-02-17 RDP #Honeypot IOCs - 458 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs:
    159.89.36.20 - 210
    164.90.188.53 - 170
    85.203.15.98 - 21
    Top ASNs:
    AS14061 - 385
    AS62240 - 21
    AS396982 - 12
    Top Accounts:
    hello - 410
    Test - 9
    Administr - 7
    Top ISPs:
    DigitalOcean, LLC - 385
    Clouvider Limited - 21
    Google LLC - 12
    Top Clients:
    Unknown - 458
    Top Software:
    Unknown - 458
    Top Keyboards:
    Unknown - 458
    Top IP Classification:
    hosting - 409
    Unknown - 25
    mobile & hosting & proxy - 21
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • Investigation Scenario 🔎
    chrissanders88@infosec.exchange
    Investigation Scenario You find Event ID 7045 showing a new service installed: WinUpdateCheck, pointing to C:\ProgramData\wucheck.exe. You report to the SOC lead that this system is infected and needs to be contained. They ask you to justify that request. What evidence do you present to elevate this from “suspicious service creation” to confirmed malicious activity? Lead with your strongest likely evidence sources and conclusions. #InvestigationPath #DFIR #SOC
  • thedfirreport@infosec.exchange
    Don’t just block threats — disrupt them.
    Our IR-driven Threat Feed helps you:
    Detect attacker infrastructure early
    Hunt for active footholds
    Reduce false positives with continuously verified intel
    Built for SOCs, MSSPs, MDRs, and security vendors.
    Get the edge: https://thedfirreport.com/contact/
    #ThreatIntel #BlueTeam #DFIR #CyberDefense
  • ryandfir@infosec.exchange
    Have a big number (or hex value) you found and think might be a timestamp? Drop it in `unfurl` in the terminal and see what comes out! (add -d or --detailed if you want the type of timestamp, or run without it if you just want the value)
    #DFIR #BF4SA #Unfurl