#Commandandcontrol

Over New Orleans

@overneworleans.possumsin.space

4 days ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-03-11 09:07:58 CDT
GLF5 Gov CommandandControl MustBeNice VIPTransport Coastguard
- wiki - adsbexchange

DanDiego

@dandiegosd.bsky.social

1 week ago

The US military has suffered losses in its fight with Iran. 3 American service members have been killed. - NewsBreak President Donald Trump on Saturday warned that the US could suffer losses against Iran but called the operation "a noble mission."

This was avoidable. How many more will die before Congress leaders stop Trump’s incompetent actions?

The US military has suffered losses in its fight with Iran. 3 American service members have been killed. #USmilitary #Iran #Commandandcontrol #Israel
share.newsbreak.com/hhw2pwlr

CySecurity News

@cysecuritynews.bsky.social

3 weeks ago

Enhanced Surveillance Functions Signal a Strategic Shift in Remcos RAT Activity   It is difficult to discern the quiet recalibration of remote access malware that occurs without spectacle, but its consequences often appear in plain sight. The newly identified variant of Remcos RAT illustrates this progression clearly and unnervingly.  In its current architecture, the updated strain focuses on immediacy and persistence instead of serving as passive collectors of stolen information. With its newly designed operational design promoting direct, continuous communication with attacker-controlled infrastructure, it allows for the observation of compromised Windows systems in real time rather than after the incident has occurred. This shift does more than simply represent a routine upgrade. By moving away from the traditional method of locally caching harvested data, the malware reduces the amount of digital residue typically left behind by investigators. By transmitting information in near real time, compromise and exploitation can be minimized.  The latest build enhances this capability by enabling live webcam streaming and instantaneous keystroke transmission, creating active surveillance endpoints on infected machines. Therefore, the variant reinforces a broader trend within the threat landscape which places more importance on speed, stealth, and sustained visibility over simple data exfiltration. According to Point Wild's Lat61 Threat Intelligence Team, the latest Remcos iteration has been designed with a deliberate focus on runtime concealment and forensic minimization in mind. In contrast to the traditional method of embedding webcam footage within the core payload, a streaming module is retrieved and executed only on operator instruction, thereby minimizing its exposure during routine scanning. The handling of command-and-control configuration data, which is decrypted solely in memory, as opposed to writing it to disk, is also significant. In combination with dynamic API resolution, this approach further complicates static analysis. As opposed to hard-coding Windows API references, malware resolves and decrypts them during execution, thereby frustrating signature-based detection and impeding reverse engineering.  Additionally, the variant maintains its stealth posture by systematically removing artifacts associated with persistence mechanisms. Screenshots, audio captures, keylogging outputs, browser cookies, and registry entries are purged prior to termination. The malware may also generate a temporary Visual Basic script to enable the deletion of proprietary or operational files before self-exiting, thereby reducing the residual indicators investigators might otherwise be able to utilize. As researchers observe, the malware has continuously refined its evasion and operational depths, illustrating its continued relevance in the remote access trojan ecosystem.  During the execution phase, the malware conducts privilege assessments in order to determine the level of system access available for subsequent behavior based upon the privilege assessment. By utilizing this conditional logic, decisions regarding privilege escalation are influenced and high-impact actions can be executed, including the modification of protected directories, changes to registry keys, deployment of persistence mechanisms, or interference with security services—activities that typically require elevated privileges. By tailoring its behavior to the access context, the malware enhances its survivability and effectiveness within compromised environments by increasing its survivability and effectiveness. As part of initialization routines, intent is obscured until execution is well underway. As part of the configuration storage process, the binary stores parameters in encrypted or compressed form, allowing parameters to be decrypted only when the command-and-control infrastructure is established. A layered sequence is created by setting persistence mechanisms, dynamically loading APIs, and selectively activating operational capabilities, thus concealing the full range of functionality during preliminary inspection. These architectural decisions reinforce Remcos RAT's primary objective of providing sustained, covered access accompanied by comprehensive data theft. This malware offers capabilities such as credential harvesting, real-time surveillance, and structured data exfiltration, allowing operators to extract sensitive information as well as maintain interactive control over compromised systems.  Remcos' current form represents the next evolution of remote access malware—one where stealth, adaptability, and runtime obfuscation define the next phase in this evolving threat landscape. In addition to its layered execution chain, the malware performs a structured privilege assessment prior to initiating high-impact operations.  By granting elevated rights, it is able to modify registry keys, deploy persistence mechanisms in protected directories, and interfere with or disable local security protocols. In order to prevent multiple concurrent executions of Rmc-GSEGIF, a uniquely named mutex is instantiated, thus ensuring operational stability and reducing the possibility that anomalous behavior may reveal the infection.  Similarly, the command-and-control infrastructure is protected from direct examination. A malware binary does not contain a readable endpoint address, instead it stores an encrypted C2 address within the binary. As the string is reconstructed in memory during runtime, it can be utilized immediately to establish outbound communication via HTTP or raw TCP channels.  Through the application of transient reconstruction, static indicators are minimized and the window for intercepting configuration artifacts prior to network activity is narrowed. Following the completion of surveillance and exfiltration tasks, the malware moves to a cleaning phase intended to reduce the possibility of forensic reconstruction.  The keylogging outputs, screenshots, and audio recordings generated during the operation are systematically deleted, as well as cookies and registry entries associated with persistent access. To complete the self-erasure process, the malware drops a temporary script in the %TEMP% directory which is tasked with deleting remaining executable components before terminating the process.  As a result of this staged removal mechanism, the evidentiary trail is fragmented, further complicating the analysis after the incident. It is noted by Point Wild researchers that incrementally refined yet consistent refinements of these techniques reflect a sustained commitment to operational resilience and stealth.  As Remcos continues to evolve, they point out, Remcos reinforces its status as a flexible and enduring remote access trojan. A security team should intensify monitoring of anomalous outbound network connections and unauthorized registry modifications - indicators that may indicate the presence of run-time-obfuscated threats within enterprise environments.  Among the key elements of the malware’s defensive architecture is the deliberate elimination of plaintext indicators. In the binary, the command-and-control endpoint is not stored in readable form, making it difficult to extract static strings, detect antivirus infections using signatures, and harvest indicators easily. It is instead the C2 address (IP and port) that is encoded as an encrypted byte array during execution, which is subsequently reconstructed in memory by a byte-wise XOR operation before being sent to the networking layer for outbound communication. Further reducing static visibility, the malware dynamically loads WININET.dll at runtime in place of declaring imports beforehand, and uses the decrypted endpoint to communicate via HTTP or TCP.  By implementing a transient reconstruction model, critical infrastructure details are reconstructed in memory in an ephemeral manner. This design philosophy is also applied to its surveillance modules. Keyloggers online follow the same structural logic as offline predecessors, but they do not rely on disk persistence. Instead of writing intercepted keystrokes to local storage, they are packaged in structured payloads and sent directly through the established C2 channel, instead of writing them to local storage. User inputs are intercepted by input hooks, which are streamed to an attacker-controlled infrastructure in real time.  In addition to minimizing forensic artifacts on the victim's file system by bypassing local file creation, the malware offers operators continuous visibility into active sessions, including browser-based interactions and credentials entry fields. As part of modularization, webcam monitoring capabilities remain flexible and minimize the static footprint of the system.  Video capture logic is not embedded in the primary executable; rather, upon receiving a webcam-related command, it retrieves a dedicated Dynamic Link Library from the C2 server. After the module is delivered to memory or temporarily to disk, depending on configuration, the module is dynamically loaded with Windows API functions such as LoadLibrary, and specific exported routines are resolved with GetProcAddress.  A video capture device is initialized, frames are collected, compressed or encoded, and the resulting data is returned to the core process after encoding or compressing. By using the compartmentalized approach, the captured output can be transmitted in segmented form over the existing obfuscated communication channel while maintaining a static signature for the primary payload that does not have to be expanded.  As an example of additional extensibility, credential recovery plugins, including modules that expose functions such as FoxMailRecovery, that are loaded on demand in order to retrieve stored account information from targeted applications, exhibit additional extensibility. In order to execute and handle commands, a structured, text-based protocol is followed, encapsulating instructions and outputs within predefined string tokens prior to transmission.  As a result of invoking specific execution flags, such as /sext, the malware temporarily writes the output of a command to a randomly named file within the malware's working directory when it is invoked. By reading, exfiltrating, and deleting the contents, operational continuity and persistent traces can be maintained. In conjunction with these mechanisms, a coherent architectural strategy is demonstrated that emphasizes runtime decryption, modular capability loading, and artifact suppression.  By making sure sensitive configuration data, surveillance outputs, and auxiliary functionality are either memory-resident or transient, the new Remcos variant emphasizes the importance of security, adaptability, and sustained remote control in compromised Windows environments. These developments take together to illustrate an overall operational shift that cannot be ignored by defenders.  The Remcos variant exemplifies a class of threats designed to run primarily in memory, minimize static indicators, and adapt dynamically to host conditions as needed. The conventional signature-based controls and perimeter-focused monitoring will not be sufficient to provide sufficient protection against runtime-obfuscated activities on their own.  In addition to continuous monitoring of anomalous outbound traffic patterns, suspicious API resolutions in memory, unauthorized registry modifications, and irregular module loading events, security teams should prioritize behavioral detection strategies.  The ability to detect subtle persistence and data exfiltration attempts will be largely dependent on improving endpoint detection and response capabilities, enforcing least privilege access policies, and analyzing telemetry across network and host layers. In an increasingly modular and stealthy environment, proactive detection engineering and disciplined threat hunting will be vital to reducing dwell times and minimizing operational impact.

Enhanced Surveillance Functions Signal a Strategic Shift in Remcos RAT Activity #AdvancedPersistentThreats #CommandAndControl

iT4iNT SERVER

@it4intserver.bsky.social

3 weeks ago

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok

iT4iNT SERVER Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies VDS VPS Cloud #Cybersecurity #AI #Malware #C2Proxy #CommandAndControl

@angryscooter77.bsky.social

1 month ago

Just finished the audiobook of
#commandandcontrol.
Have read it before, but,
Just like with the movie, I started fucking crying when it ended.

If you haven't, you need to read and watch this media.
Extremely well done.

@angryscooter77.bsky.social

1 month ago

Who will win?
4 splody boys and their safety systems
Or
A single nut
#commandandcontrol

STREAMWIDE

@streamwide.bsky.social

1 month ago

Today’s 🪖 military operations demand more than voice-only radio communications.

👉 Discover how Team on mission strengthens tactical awareness, resilience and decision superiority: streamwide.com/en/military/

#Defense #MilitaryOperations #CommandAndControl #MissionCritical

BigLee

@biglee.bsky.social

1 month ago

An Officer's Eye View #CommandAndControl #WargameTheory Brigadier Peter Young saw wargames as thinking tools, not contests. This video uncovers how his officer’s-eye approach influenced modern command mechanics, scenario play, and rules that model friction instead of perfect player control.

An Officer's Eye View #CommandAndControl #WargameTheory

Penn ADS-B

@pennadsb.com

1 month ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-19 14:37:14 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

CySecurity News

@cysecuritynews.bsky.social

1 month ago

Transparent Tribe Targets Indian Public Sector and Academic Networks Several recent cyber espionage campaigns have drawn attention to Transparent Tribe, a long-standing advanced persistent threat group associated with a new wave of intrusions targeting Indian government bodies, academic institutions, and strategically sensitive organizations, which have re-opened the issue of Transparent Tribe.  According to security researchers, the activity has been attributed to the deployment of a sophisticated remote access trojan that is designed to establish a persistent, covert control over the compromised system, allowing the monitoring and access of data over a period of time.  In the process of carrying out this operation, it is evident that the execution was carried out with a high degree of social engineering finesse, as it used carefully crafted delivery mechanisms, including a weaponized Windows shortcut file disguised as a legitimate PDF document, filled with authentic-looking content, which reduced suspicion and increased execution rates, according to the technical analysis carried out by CYFIRMA. APT36 is a name that has been associated with Transparent Tribe in the security community for more than a decade. Transparent Tribe has maintained a consistent focus on Indian targets since the beginning of the 20th century, refining tradecraft and tooling to support the group's goals. In the past few years, the group has steadily added malware to its malware portfolio.  To adapt to changing defenses while maintaining access to high-value networks, the group has deployed a suite of custom remote access trojans like CapraRAT, Crimson RAT, ElizaRAT, and DeskRAT. As the investigation has found, the intrusion chain was initiated by a targeted spear-phishing email that delivered a compressed ZIP archive that contained a Windows shortcut file, crafted to look like a benign PDF document.  Upon execution, the file silently invokes a remote HTML Application using the native Windows component called mshta.exe, which has been abused numerous times over the years to circumvent security checks.  To maintain the illusion of legitimacy, a PDF decoy file is also downloaded and opened while the HTA script is decrypted and loaded entirely in memory, minimizing its footprint on the disk. This decoy PDF can be downloaded and opened without triggering the HTA script.  It has been reported by CYFIRMA that when the malware is able to decode the data, it will make extensive use of ActiveX objects, particularly WScript.Shell, to profile the host environment and manipulate runtime behavior. As a result of this technique, execution reliability and compatibility with the victim system will be improved.  Furthermore, this campaign's adaptive persistence strategy differs from the rest in that it dynamically adjusts itself in accordance with the endpoint security software detecting the compromised machine on the runtime.  Depending on the software people are running, Kaspersky, Quick Heal, Avast, AVG, or Avira have a tailor-made persistence mechanism that includes obfuscated HTA payloads, batch scripts, registry modifications, and malicious shortcut files placed in the Windows Startup directory to encrypt data.  As for systems lacking recognizable antivirus protection, a broader combination of these strategies can be used. This operation is anchored on a secondary HTA component which delivers a malicious DLL — known as iinneldc.dll — that performs the function of a fully featured RAT capable of allowing attackers to remotely administer a host, execute file operations, exfiltrate data, capture screenshots, monitor clipboards and control processes, allowing them to take complete control of infected systems.  In terms of operations, this campaign underscores Transparent Tribe's reliance on deceiving its adversaries as a central pillar of its intrusion strategy, emphasizing the importance of adaptability and deception.  The researchers found that attackers intentionally embedded complete, legitimate-looking PDF documents as shortcut files, presenting them as regular correspondence while hiding executable logic under the surface so that they would appear to be routine correspondence.  When this is done, it greatly increases the chances that the user will interact with the malware before it becomes apparent that any warning signs have been raised. Once access is gained, the malware doesn't need to rely on a single, static method to maintain its position.  Instead, it actively evaluates the compromised system's security posture and dynamically selects persistence mechanisms based on the installed endpoint protection, with a degree of conditional logic that is a reflection of careful planning and familiarity with common defensive environments in an attempt to meet their needs.  Using encrypted command-and-control channels, the remote access trojan can communicate with attacker-controlled infrastructure, enabling it to receive instructions and exfiltrate sensitive data all while blending into the normal traffic stream on the network, reducing the chances it will be detected.  According to security analysts, this operation has far broader implications than just a routine malware incident and has a lot to do with the overall threat landscape. It is clear from the campaign that it is an operation of cyber-espionage carried out by a cyber-espionage group with a long history of targeting the Indian government, defense and research institutions as a target for their attacks.  There is an intentional effort to avoid traditional signature-based defenses with this attack by focusing on in-memory execution and fileless techniques, while the use of socially engineered, document-based lures indicates that an understanding is in place of how trust and familiarity can be exploited within targeted organizations in order to achieve a successful attack.  The combination of these elements suggests that a persistent and mature adversary has been refining its tradecraft for years, reinforcing concerns about the sustained cyber threat facing critical sectors in India. Additionally, the malware deployed in this campaign functions as a remote access trojan that allows attackers to control infected systems in a persistent and covert manner. Based on this analysis, it can be concluded that this malware is a highly sophisticated remote access trojan.  In addition to the use of trusted Windows binaries such as mshta.exe, PowerShell, and cmd.exe, researchers discovered the toolset focuses heavily on stealth, utilizing in-memory execution as well, which minimizes the on-disk footprint, as well as evading traditional detection methods.  In addition to setting up an encrypted command-and-control channel, the RAT also provides operators with the ability to issue commands, collect detailed system information, and exfiltrate sensitive information without being noticed.  By exploiting the exploits of the malware, operators are able to create a profile of compromised hosts by gathering information such as the operating system’s details, usernames, installed software, and active antivirus software, enabling them to implement follow-up actions tailored to their needs.  This software enables remote command execution, comprehensive file management, targeted document theft, screenshot capture, clipboard monitoring and manipulation, granular process control, as well as the ability to execute commands remotely. This software is supported by persistence mechanisms that are adjusted according to the victim's security environment.  Collectively, these capabilities strengthen the perception that the malware has been designed to support long-term surveillance and data collection rather than short-term disruption, thus confirming that it was built specifically for espionage. Typically, the infection lifecycle begins with a carefully constructed social engineering lure that appears to be legitimate and routine.  As the payload in this case was framed as an examination-related document, it was used to target victims and spread the word that they would be able to receive a ZIP archive titled "Online JLPT Exam Dec 2025.zip." The archive reveals a shortcut file whose extension is .pdf.lnk when extracted, which is a tactic that exploits Windows’ way of handling shortcut files, where it conceals the executable nature of the payload even though the file extensions can be seen on the file. This shortcut, which is unusually large—measuring over 2 megabytes instead of the usual 10 to 12 megabytes—prompted closer examination to reveal that the file was deliberately inflated in order to closely resemble a legitimate PDF file.  It was discovered that the shortcut contained multiple markers associated with embedded image objects, indicating that it contained a complete PDF structure as opposed to serving simply as a pointer. This design choice was made so the shortcut would appear in line with user expectations, as well as fit the file size within the archive.  In addition to this, a multi-stage design can be observed in the archive as well. An investigation revealed that there is a hidden directory labelled “usb” containing a file titled usbsyn.pim in it, which was unable to be decoded conclusively during analysis, but which researchers believe to contain encrypted data or code that will be used later on in the execution process.  As a result of activating the shortcut, a legitimate Windows application called MSSHTA.exe is invoked, passing a remote URL to a malicious HTML application hosted on attacker-controlled infrastructure in order to retrieve and execute this malicious HTML application.  It is evident from file metadata that the shortcut was created in late March 2025, a timeframe which provides some insight into the campaign's timeline. It is the intent of the HTA loader, to create the illusion of legitimacy, to retrieve and open a legitimate PDF document simultaneously, so the victim perceives the activity as harmless and expected.  Moreover, the HTA loader itself is the basis of the execution chain, which has been designed to operate with the least amount of user visibility possible.  A script launching at zero dimensions hides the activity of its execution by resizing its window to zero dimensions. The script then initializes a series of custom functions that perform Base64 decoding and XOR-based decryption routines, in order to gradually reconstruct the malicious payload in memory. This is all accomplished by the loader exploiting ActiveX components, such as WScript.Shell, in order to interact with the underlying Windows environment during this process. Through the querying of registry keys to determine which .NET runtimes are available and the dynamic adjustment of environment variables such as COMPLUS_Version, the malware ensures that the malware is compatible with different systems.  It is clear that Transparent Tribe's campaign has been highly calculated and methodical in its approach to environment profiling, runtime manipulation, and abuse of legitimate system components, demonstrating a mature tradecraft that is reflected in the campaign's methodical approach.  Researchers report that, beyond the activities linked to Transparent Tribe, there are growing threats that are being targeted at Indian institutions, and tools and infrastructure that overlap are increasingly blurring the lines between various regional espionage groups who are using overlapping tools and infrastructure.  A former hacker named Patchwork has also been identified as the perpetrator of an assault program dubbed StreamSpy, which introduces a dual-channel command-and-control model that utilizes WebSocket and HTTP protocols to deliver distinct operational benefits, as of December 2025.  Using WebSocket connections for executing commands and returning execution results, as opposed to the traditional HTTP connections for transferring files, displays the analysis by QiAnXin, indicating a design choice intended to reduce visibility and evade routine network inspection by the company.  By using ZIP archive delivery services hosted on attacker-controlled domains, the malware has delivered a payload capable of harvesting information about a system, establishing persistence through multiple mechanisms, including registry modifications, scheduled tasks, and startup shortcuts, and providing an array of commands for remote file manipulation, execution, and file retrieval.  Furthermore, investigators have identified code-level similarities between StreamSpy and Spyder, a backdoor variant previously attributed to SideWinder and historically used by Patchwork, as well as digital signatures reminiscent of ShadowAgent, a Windows RAT associated with the DoNot Team, that are similar to ShadowAgent.  According to the convergence of these technical indicators, coupled with independent detections by several security firms in late 2025, it appears that regional threat actors continue to integrate tooling and cross-pollinate among themselves.  Analysts are stating that the emergence of StreamSpy and its variants reflects a sustained effort among these groups to refine the arsenals they possess, experiment with alternative communication channels, and maintain operational relevance while the defensive capabilities of these groups improve. Taking all of the findings presented in this investigation together, people are able to identify a cyber-espionage ecosystem that is more widespread and more entrenched against Indian institutions.  It is characterized by patience, technical depth, and convergence between multiple threat actors in terms of tools and techniques. This campaign provides an example of how mature adversaries continue to improve their social engineering skills, take advantage of trusted components of systems and customize persistence mechanisms in order to maintain long-term access to high-value networks through social engineering and system abuse. StreamSpy, for instance, illustrates a parallel trend in which regional espionage groups iterate on one another's malware frameworks, while experimenting with alternative command-and-control systems to evade detection, a trend that has been accelerating since the advent of related toolsets.  Defendants should be aware that the significance of these campaigns lies not in any particular exploit or payload, but rather in the cumulative messages that they send, demonstrating that state-aligned threat actors are still deeply involved in collecting persistent intelligence and that the threat to government institutions, educational institutions, and strategic sectors is evolving rather than receding in sophistication.

Transparent Tribe Targets Indian Public Sector and Academic Networks #AdvancedPersistentThreat #APT36 #CommandAndControl

Penn ADS-B

@pennadsb.com

1 month ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-16 11:30:11 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-13 22:17:30 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-12 14:51:57 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-10 15:42:31 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-09 17:15:49 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-08 09:41:59 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-07 20:47:30 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-06 05:39:24 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-05 12:02:56 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Over KTPA

@overktpa.bsky.social

2 months ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2026-01-04 11:14:55 EST
GLF5 CommandandControl MustBeNice VIPTransport Coastguard
adsb - wiki - adsbexchange

Over KTPA

@overktpa.bsky.social

2 months ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2025-12-30 15:32:19 EST
GLF5 CommandandControl MustBeNice VIPTransport Coastguard
adsb - wiki - adsbexchange

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2025-12-28 09:58:04 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Martin Koenigsberg (MarTMar) (SteelyDab)

@martinkoenigsberg.bsky.social

2 months ago

Look Up New Old Book! #Grip #CommandAndControl #ImperialGeneralStaff #WWIIHistory #SWWHistory #WWII #SWW #WargameResearch #Montgomery #RWThompson #WarLeaderBookNo29 #BallantinesIllustratedHistoryOfTheViolentCentury #NorthAfrica #NWEurope #FlamesOfWar #WorldWarIIWargaming @raiderlee.bsky.social

@bmimo.bsky.social

2 months ago

Taiwan, C2, and the Battle That Starts Before the First Shot By M.Brosh, Author of Cassandra's Shadow

open.substack.com/pub/mbrosh/p...

#Taiwan #C2 #CommandAndControl #Geopolitics #Security #IndoPacific

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2025-12-20 16:04:58 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2025-12-20 10:48:39 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Penn ADS-B

@pennadsb.com

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2025-12-19 07:15:02 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence

Aircraft Above Boston

@aboveboston.bsky.social

2 months ago

PlaneAlert ICAO: AE109A Tail: 02
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2025-12-19 06:26:58 EST
GLF5 CommandandControl MustBeNice VIPTransport
adsb Planefence by kx1t - wiki - airplanes.live - link

Aircraft above Arth, SZ 🚁🛩️

@abovearth.bsky.social

2 months ago

PlaneAlert ICAO: AE109A Tail: 02 Flt: C102
Owner: UnitedStatesCoastGuard
Aircraft: Gulfstream C-37A
2025-12-19 02:16:07 CET
GLF5 CommandandControl MustBeNice VIPTransport
adsb planefence planealert by kx1t - wiki - adsbexchange - planefence