Curated Intelligence @CuratedIntel
Bringing together intelligence researchers and incident responders. #TrackThePlanet curatedintel.org Joined September 2020
Tweets: 402 | Followers: 14K | Following: 105 | Likes: 140
Reviving my blog with a complete analysis of the latest #LockBit #ransomware v4.0 Green! 🤠 chuongdong.com/reverse%20engi… h/t to @fwosar & @demonslay335 for all the crypto helps! Huge thanks to @BushidoToken & @CuratedIntel for the threat intelligence insight too! 🙏
⚠️PSA: VPN & RDWeb password guessing attacks have been observed originating from IP addresses consistently across the following subnets: 85.239.59.0/24 85.239.58.0/24 85.239.57.0/24 85.239.56.0/24 ➡️ Check for low & slow password guessing attempts and successful logins.
@jamieantisocial Thank you, Jamie
Related articles 1. arcticwolf.com/resources/blog… 2. horizon3.ai/attack-researc… 3. dashboard.shadowserver.org/statistics/com…
⚠️PSA: Curated Intel members in DFIR have noticed a trend in exploitation of CVE-2024-57727 in the SimpleHelp RMM tool to deploy Medusa ransomware. ➡️ This tool is often used by IT Managed Service Providers (MSPs) to remotely control customer endpoints and have been impacted.
Got a new project to share later this year which will be published via @CuratedIntel — a community of researchers that are awesome at providing great feedback and insights. Keep a look out for it in the next few months! 📝 Last time we did, we made this: curatedintel.org/2023/07/the-th…
⚠️PSA: Curated Intel DFIR has noticed a new trend among Akira Ransomware cases in Summer 2024. For a while, Akira has been exploiting Cisco ASA devices. ➡️ They are now targeting SonicWall SSL-VPNs for access with no MFA (!) and weak passwords (!). Other TTPs remain the same 🔍
PSA from the @CuratedIntel Community to the CTI industry — watch out for cybercrime groups seeking access to your vendor platforms ⚠️
@MHiemer22 Technical details available here: 1. blogs.cisco.com/security/akira… 2. truesec.com/hub/blog/akira…
⚠️PSA: Curated Intel DFIR teams noticed a severe uptick in Akira Ransomware cases in Jan 2024. Same repeated TTPs:
- Dwell times of < 4 hours on average
- Cisco ASA VPN for Access
- WinSCP for exfil / WinRAR for compression
- AnyDesk RMM for persistence
- 'w.exe' Akira payload
Our friends at CSIRT-CTI have published their first new blog, stay tuned for more APT research from them! csirt-cti.net/2024/01/23/sta…
Come along to the first ever Curated Intel workshop. There will also be prizes for the best profile! #CTI
My upcoming CTI workshop: 'Keep Your Enemies Closer: How to Profile and Track Threat Actors' at #BSidesLondon2023 is live! pretalx.com/bsides-london-…
🌐 Curated Intel is tracking hacktivist, cybercriminal, and regional APT groups surrounding the war in Israel. We describe the types of campaigns and attacks we've observed so far and have also provided recommendations for CTI analysts monitoring the war. curatedintel.org/2023/10/tracki…
We had some good convos in the @CuratedIntel community today based on this @thecyberwire interview Really interesting that @C_C_Krebs says the *most important skill* he looks for in a CTI analyst is their “ability to communicate risk to businesses” 🗣️⚠️ thecyberwire.com/podcasts/speci…
A Day in the Life of a CISO
Pure facts #CTI
@BushidoToken @aejleslie @Gi7w0rm @AlvieriD @AJVicens @kevincollier @ddd1ms The thing that makes this profession hard sometimes is that victims lie about attacks, the criminals are lying pieces of shit, and randos on Twitter lie about what they know. Trying to get through the lies to the truth is a big challenge.
@phillmoore and I posted a blog on a TTP observed in an #Akira Ransomware case. ➡️ Actor gains access to Hyper-V server (with EDR) and creates a fresh VM ➡️ Turns off server VMs and mounts Hyper-V data disk on new VM ➡️Starts encrypting vhdx files! cybercx.com.au/blog/akira-ran…
TL;DR of ALPHV/BlackCat's essay on the MGM breach
- The attack began ~8 Sept.
- They stole data and gained admin on their Okta SSO & Azure cloud tenant
- ~100 ESXi hypervisors were hit by ransomware on 11 September
- No ransom was paid
Read in full here: gist.githubusercontent.com/BushidoUK/20b8…
⚠️ Use Microsoft Teams? Watch out for TeamsPhisher! While it is not usually possible to send files to MS Teams users outside your org, security researchers found a bypass by manipulating Teams web requests 🔥 github.com/Octoberfest7/T… Examples of MS Teams phish lures ⬇️ 1/3