<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>CTI on Riga</title><link>https://riga.sh/tags/cti/</link><description>Recent content in CTI on Riga</description><generator>Hugo 0.125.0</generator><language>en-us</language><lastBuildDate>Fri, 12 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://riga.sh/tags/cti/index.xml" rel="self" type="application/rss+xml"/><item><title>🥷 Threat Intel toolbox</title><link>https://riga.sh/toolbox/-threat-intel/</link><pubDate>Fri, 12 Jun 2026 00:00:00 +0000</pubDate><guid>https://riga.sh/toolbox/-threat-intel/</guid><description>I endorse nothing you&amp;rsquo;ll do with these tools; use them at your own risk.
Combining multiple sources while investigating is highly recommended. Remember, these tools are only there to help your investigation; the conclusion is up to you. This list is updated often; check the date above for the latest update.
Domain and IP Threat Intel
Search by IP, domain, or network owner for real-time threat data
https://talosintelligence.com/ Website reputation checker</description></item><item><title> [OSINT/CTI] The Great Canadian Scammers</title><link>https://riga.sh/investigations/the-great-canadian-scammers/</link><pubDate>Mon, 28 Oct 2024 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/the-great-canadian-scammers/</guid><description>This article is made for educational purposes only, to show what&amp;rsquo;s going on behind the scenes of malicious actors and their digital platforms. Everything comes from open and legal sources.
I received an SMS asking me to log in to: auth-rbcroyalbank-online[.]com. Well, thanks to this scam, I was able to map a wide phishing network targeting Canadian institutions.
Key points:
⏺️ Mostly Russian and Chinese registrars/hosting providers (JSC Selectel, Nicenic&amp;hellip;) are involved.</description></item><item><title>[CTI] NoName057(16) mapping</title><link>https://riga.sh/investigations/noname05716/</link><pubDate>Sun, 21 Jul 2024 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/noname05716/</guid><description>NoName057(16) is a pro-Russian hacking group that targets (by DoS/DDoS) strategic organizations in countries supporting Ukraine in the ongoing war. They also rely on botnets (infected machines) to carry out large-scale attacks. They are very talkative on different platforms, sharing their assets and targets, so I&amp;rsquo;ll try to summarize all of this here.
NoName057(16) operates on two principal Telegram channels:
🇷🇺 https://t.me/noname0571
🇬🇧 https://t.me/noname05716eng
They mainly share news about their attacks. What makes NoName057(16) interesting is their community involvement: anyone can download their DoS/DDoS tools, ask questions and support their actions.</description></item><item><title>[CTI] Phish me if you can</title><link>https://riga.sh/investigations/government-phishing/</link><pubDate>Wed, 20 Dec 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/government-phishing/</guid><description>Recently, I received quite an unusual phishing email.
At first, it looks like a typical delivery-scam phishing email, but it came from&amp;hellip; a government address!
It came from the doctor-appointment service of the Serbian Ministry of Health:
This domain has no DMARC policy in place, so receiving mail servers get no instruction to reject or quarantine messages that fail SPF/DKIM alignment, which makes it easier to use the domain to spread malicious emails.
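The DMARC point above, as an added example that is not code from the original post: a small Python helper that parses a DMARC TXT record and grades the resulting posture, including the missing-record case described here. The domain names and records are constructed for illustration; in a real check the record string comes from a TXT query for _dmarc.DOMAIN (for example with dig), and is then passed to assess_dmarc().

```python
"""Grade a domain's DMARC posture from its _dmarc TXT record.

Added example, not code from the original post. SAMPLE_RECORDS below are
constructed for illustration; a real check fetches the TXT record at
_dmarc.DOMAIN and passes the string (or None when absent) to assess_dmarc().
"""

# Values RFC 7489 allows for the domain policy tag p=.
VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record):
    """Split a DMARC TXT record into a dict of lowercase tag names to values."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return (level, reason) for a record string, or for None when no record exists.

    level is one of "none", "weak", "partial", "enforced".
    """
    if record is None:
        return ("none", "no _dmarc TXT record: receivers apply no policy, so a "
                        "spoofed From: header is neither rejected nor quarantined")
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ("none", "record does not declare v=DMARC1; receivers ignore it")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return ("none", "missing or invalid p= tag; record is treated as absent")
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if policy == "none":
        return ("weak", "p=none only monitors (reports via rua=); spoofed mail is still delivered")
    if pct != 100:
        return ("partial", f"p={policy} is applied to only {pct}% of failing mail")
    # sp= sets the subdomain policy; it defaults to the domain policy.
    sub = tags.get("sp", policy).lower()
    if sub == "none":
        return ("partial", f"p={policy} for the domain, but sp=none leaves subdomains unprotected")
    return ("enforced", f"p={policy} on 100% of failing mail, subdomains {sub}")


# Constructed sample records (hypothetical domains), one per posture.
SAMPLE_RECORDS = {
    "no-record.example": None,
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "half-enforced.example": "v=DMARC1; p=quarantine; pct=50",
    "subdomain-gap.example": "v=DMARC1; p=reject; sp=none",
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
}


def assess_all(records=SAMPLE_RECORDS):
    """Map each domain to its posture level."""
    return {domain: assess_dmarc(record)[0] for domain, record in records.items()}


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        level, reason = assess_dmarc(record)
        print(f"{domain:24} {level:9} {reason}")
```

The helper deliberately grades p=none as weak rather than absent: the record exists and produces aggregate reports, but it still tells receivers to deliver failing mail, which is why monitoring-only deployments are a common stepping stone that attackers still benefit from.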
The email is simply an image rendered in HTML, linking to two fraudulent files:</description></item><item><title> [OSINT/CTI] Investigating a terrorist IT infrastructure</title><link>https://riga.sh/investigations/terroristinfrastructure/</link><pubDate>Thu, 12 Oct 2023 00:00:00 +0000</pubDate><guid>https://riga.sh/investigations/terroristinfrastructure/</guid><description>With the ongoing war between Israeli forces and Hamas, I wanted to analyze different propaganda tools and how they are built.</description></item></channel></rss>