tag:blogger.com,1999:blog-35783026.post5241498382182450020..comments2024-03-23T11:17:06.765-07:00Comments on CyberCrime & Doing Time: Bogus Bomb Threats Demand Bitcoin Disrupt BusinessesGary Warnerhttp://www.blogger.com/profile/10822366940133384061noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-35783026.post-35578839777758312102018-12-15T08:01:58.512-08:002018-12-15T08:01:58.512-08:00A couple of those email subjects from NCFTA also l...A couple of those email subjects from NCFTA also look like they are the "we made a video of you watching porn" instead of the bomb ones. Will ask for clarification.Gary Warnerhttps://www.blogger.com/profile/10822366940133384061noreply@blogger.comtag:blogger.com,1999:blog-35783026.post-85487410865410999612018-12-15T07:58:43.689-08:002018-12-15T07:58:43.689-08:00That's great information! Thank you! Talos i...That's great information! Thank you! Talos is doing a great job as usual!Gary Warnerhttps://www.blogger.com/profile/10822366940133384061noreply@blogger.comtag:blogger.com,1999:blog-35783026.post-28215596125309721662018-12-15T07:55:36.057-08:002018-12-15T07:55:36.057-08:00In fact, every sending IP we have seen at Cisco Ta...In fact, every sending IP we have seen at Cisco Talos from the bomb threat email attack was sent through IP space owned by reg.ru. The OSINT IoC data gathered in the Extortion-Scam.pdf sent by NCFTA included at least one BTC address that was used in sextortion, but NOT (AFAICT) in the actual bomb campaign. 1P55eXM8gxmwjSbqEpBWLBBvJQ7C1BmRH3Jaeson Schultzhttps://www.blogger.com/profile/02331805684861640423noreply@blogger.com