⚠️ CRITICAL: Active campaign detected — APT-41 targeting cloud infrastructure via compromised SSH keys. 12 organizations impacted in last 24h.
Active Threats: 247 (▲ 12.4% vs 24h)
New IOCs Today: 1,843 (▲ 8.2% vs 24h)
Threats Blocked: 24,851 (▼ 3.1% vs 24h)
Active Feeds: 48 (● Stable)
Mean Response: 0.4s (▼ 15ms vs 24h)
🌐 Global Threat Activity Map (map markers: Moscow, Beijing, Tokyo, São Paulo, Lagos, Sydney, Dubai, Jakarta)
🚨 Live Alerts
Ransomware C2 Communication Detected | SRC: 192.168.4.22 → 185.xx.xx.41 | 2m ago
Credential Stuffing Attack — 14K Attempts | Target: auth.corp.io | 5m ago
Suspicious PowerShell Execution | Host: WIN-DC-03 | 8m ago
Anomalous Data Exfiltration Pattern | Vol: 2.4GB → External | 14m ago
Zero-Day Exploit Attempt — CVE-2025-XXXX | Vector: HTTP/HTTPS | 21m ago
Phishing Campaign — Fake Invoice | Domain: invoic-e-pay[.]com | 28m ago
🎯 Active Threat Actors
APT-41 (Winnti) | 📍 China | 🎯 Finance, Cloud | 📊 TTP: T1566, T1190 | Tags: ACTIVE, HIGH CAPABILITY, STATE-SPONSORED
LockBit 3.0 | 📍 Eastern Europe | 🎯 Healthcare, Mfg | 📊 TTP: T1486, T1490 | Tags: ACTIVE, RANSOMWARE, RaaS
APT29 (Cozy Bear) | 📍 Russia | 🎯 Gov, NGOs | 📊 TTP: T1078, T1528 | Tags: ELEVATED, ADVANCED PERSISTENCE, SOLBINARY
🔍 Recent Indicators of Compromise
Type   | Value                       | Severity | Source           | First Seen
IP     | 185.220.101.41              | Critical | APT-41 C2        | 2025-06-11
Domain | update-ms-verify[.]com      | High     | Phishing         | 2025-06-11
MD5    | a3f8c9...e1d42b             | Critical | LockBit Dropper  | 2025-06-10
URL    | hxxps://pay-invoice[.]cc/xx | Medium   | Spear Phish      | 2025-06-10
IP     | 91.234.99.72                | High     | Scanning/Recon   | 2025-06-10
SHA256 | 7b4f2a...c8e91f             | Critical | Cobalt Strike    | 2025-06-09
Email  | admin@fakemicrosoft[.]net   | Medium   | Phishing         | 2025-06-09
📈 Threat Vector Distribution
Phishing: 78%
Ransomware: 62%
Malware: 54%
DDoS: 35%
Zero-Day: 18%
Insider: 22%
🕐 Intelligence Feed Timeline
14:32 UTC — 2 min ago
New APT-41 C2 Infrastructure Discovered
Three new command-and-control servers identified in Eastern European hosting providers. Linked to ongoing cloud infrastructure targeting campaign.
13:15 UTC — 1 hr ago
LockBit 3.0 Campaign Escalating
Increased phishing volume targeting healthcare organizations. New variant of ransomware noted with double-extortion tactics.
11:48 UTC — 3 hrs ago
Zero-Day CVE-2025-4891 Exploit in Wild
Authentication bypass in popular API gateway. Affecting 2,400+ deployments. Vendor patch expected within 48 hours.
09:22 UTC — 5 hrs ago
DDoS Campaign Neutralized
Large-scale volumetric attack against financial sector mitigated. Peak volume: 840 Gbps. Source: 12K botnet nodes.
06:10 UTC — 8 hrs ago
Supply Chain Compromise — Open Source Library
Trojanized npm package "node-cache-util" detected. 850+ downloads before takedown. Reverse shell payload included.
🛡️ Security Posture Score
Score: 88
Network Security — 92%
Endpoint Protection — 87%
Cloud Security — 91%
Identity & Access — 78%
Data Loss Prevention — 85%
RECOMMENDATION: Implement multi-factor authentication across all privileged accounts to improve Identity & Access score from 78% to target 90%+.