Method of infection: Water-holing
OSIRIS used a Social Engineering method called “water holing” to attack German IP addresses.
How does water holing attack work?
- The victim enters the infected website.
- The website checks if the target IP is German.
- If it’s a German IP – few evasion techniques are used to bypass EDR
- And then the virus connects to its command server through the Darknet
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW,
And see where your Company is Exposed to Hackers
Recently Posted on AUMINT.io Blog
🚨 Top Ransomware Leak Sites Every Security Leader Must Watch 🚨
Ransomware gangs are not just encrypting data – they’re publishing stolen info to pressure victims.
🔍 Knowing their leak sites gives you a critical early warning system.
Here are the most active ransomware leak blogs on the darknet:
🛑 AvosLocker – http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion/
🛑 Babuk – http://nq4zyac4ukl4tykmidbzgdlvaboqeqsemkp4t35bzvjeve6zm2lqcjid.onion/
🛑 Bl@ckT0r – http://bl4cktorpms2gybrcyt52aakcxt6yn37byb65uama5cimhifcscnqkid.onion/
🛑 CL0P^_- LEAKS – http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/
🛑 CONTI.News – http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/
🛑 Cuba – http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/
🛑 Grief – http://griefcameifmv4hfr3auozmovz5yi6m3h3dwbuqw7baomfxoxz4qteid.onion/
🛑 LockBit BLOG – http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion/
🛑 Lorenz – http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion/
🛑 LV Blog – http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion/
🛑 Quantum Blog – http://quantum445bh3gzuyilxdzs5xdepf3b7lkcupswvkryf3n7hgzpxebid.onion/
🛑 Ragnar_Locker Leaks – http://rgleaktxuey67yrgspmhvtnrqtgogur35lwdrup4d3igtbm3pupc4lyd.onion/index.php
🛑 RANSOMEXX – http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/
🛑 Suncrypt – http://x2miyuiwpib2imjr5ykyjngdu7v6vprkkhjltrk4qafymtawey4qzwid.onion/press
⏰ Monitoring these leak sites gives your security team a chance to react before data hits public forums.
🔐 At AUMINT.io, we integrate threat intel from these sources into attack simulations that build resilience and sharpen detection skills.
📞 Want to protect your org from ransomware extortion waves? Connect with us today.
#Ransomware #ThreatIntel #CyberSecurity #Darknet #SocialEngineering #FraudPrevention #AUMINTio #CISO #SecurityOps