Adversaries Infrastructure-Ransomware Groups, APTs, and Red Teams

What you can learn from scanning adversaries' infra?

Michael Koczwara
4 min readDec 30, 2022

In this short blog, I will get straight to the point. I have been scanning the internet on a daily/weekly basis over the past few months/weeks using Shodan, Censys, Nmap, and my Python scripts, and would like to share my information/research. I will very briefly explain how the different Threat Actors work, what kind of infra and tools are used to launch attacks, and how bad they are at opsec.


Threat Actors Profiles:

  • Ransomware Groups based in Russia
  • Threat Actors based in China
  • Red Teamers

Diamond Model examples

I will use Diamond Model to explain Threat Actors methodology (It is self-explanatory I guess?)

Ransomware Group from Russia

How do Ransomware Group's based in Russia infra/tools look like?

Threat Actor based in Russia

Another Ransomware Group example is 62.182.159[.]147