Curated Intelligence @CuratedIntel
Bringing together intelligence researchers and incident responders. #TrackThePlanet curatedintel.org Joined September 2020
Tweets: 402 · Followers: 14K · Following: 106 · Likes: 140
Reviving my blog with a complete analysis of the latest #LockBit #ransomware v4.0 Green! 🤠 chuongdong.com/reverse%20engi… h/t to @fwosar & @demonslay335 for all the crypto helps! Huge thanks to @BushidoToken & @CuratedIntel for the threat intelligence insight too! 🙏
⚠️PSA: VPN & RDWeb password guessing attacks have been observed originating from IP addresses consistently across the following subnets: 85.239.59.0/24 85.239.58.0/24 85.239.57.0/24 85.239.56.0/24 ➡️ Check for low & slow password guessing attempts and successful logins.
@jamieantisocial Thank you, Jamie
Related articles 1. arcticwolf.com/resources/blog… 2. horizon3.ai/attack-researc… 3. dashboard.shadowserver.org/statistics/com…
⚠️PSA: Curated Intel members in DFIR have noticed a trend in exploitation of CVE-2024-57727 in the SimpleHelp RMM tool to deploy Medusa ransomware. ➡️ This tool is often used by IT Managed Service Providers (MSPs) to remotely control customer endpoints and have been impacted.
Got a new project to share later this year which will be published via @CuratedIntel — a community of researchers that are awesome at providing great feedback and insights. Keep a look out for it in the next few months! 📝 Last time we did, we made this: curatedintel.org/2023/07/the-th…
⚠️PSA: Curated Intel DFIR has noticed a new trend among Akira Ransomware cases in Summer 2024. For a while, Akira has been exploiting Cisco ASA devices. ➡️ They are now targeting SonicWall SSL-VPNs for access with no MFA (!) and weak passwords (!). Other TTPs remain the same 🔍
PSA from the @CuratedIntel Community to the CTI industry — watch out for cybercrime groups seeking access to your vendor platforms ⚠️
@MHiemer22 Technical details available here: 1. blogs.cisco.com/security/akira… 2. truesec.com/hub/blog/akira…
⚠️PSA: Curated Intel DFIR teams noticed a severe uptick in Akira Ransomware cases in Jan 2024. Same repeated TTPs: - Dwell times of < 4 hours on average - Cisco ASA VPN for Access - WinSCP for exfil / WinRAR for compression - AnyDesk RMM for persistence - 'w.exe' Akira payload
Our friends at CSIRT-CTI have published their first new blog, stay tuned for more APT research from them! csirt-cti.net/2024/01/23/sta…
Come along to the first ever Curated Intel workshop. There will also be prizes for the best profile! #CTI
My upcoming CTI workshop: 'Keep Your Enemies Closer: How to Profile and Track Threat Actors' at #BSidesLondon2023 is live! pretalx.com/bsides-london-…
🌐 Curated Intel is tracking hacktivist, cybercriminal, and regional APT groups surrounding the war in Israel. We describe the types of campaigns and attacks we've observed so far and have also provided recommendations for CTI analysts monitoring the war. curatedintel.org/2023/10/tracki…
We had some good convos in the @CuratedIntel community today based on this @thecyberwire interview Really interesting that @C_C_Krebs says the *most important skill* he looks for in a CTI analyst is their “ability to communicate risk to businesses” 🗣️⚠️ thecyberwire.com/podcasts/speci…
A Day in the Life of a CISO
Pure facts #CTI
@BushidoToken @aejleslie @Gi7w0rm @AlvieriD @AJVicens @kevincollier @ddd1ms The thing that makes this profession hard sometimes is that victims lie about attacks, the criminals are lying pieces of shit, and randos on Twitter lie about what they know. Trying to get through the lies to the truth is a big challenge.
@phillmoore and I posted a blog on a TTP observed in an #Akira Ransomware case. ➡️ Actor gains access to Hyper-V server (with EDR) and creates a fresh VM ➡️ Turns off server VMs and mounts Hyper-V data disk on new VM ➡️ Starts encrypting vhdx files! cybercx.com.au/blog/akira-ran…
TL;DR of ALPHV/BlackCat's essay on the MGM breach - The attack began ~8 Sept. - They stole data and gained admin on their Okta SSO & Azure cloud tenant - ~100 ESXi hypervisors were hit by ransomware on 11 September - No ransom was paid Read in full here: gist.githubusercontent.com/BushidoUK/20b8…
⚠️ Use Microsoft Teams? Watch out for TeamsPhisher! While it is not usually possible to send files to MS Teams users outside your org, security researchers found a bypass by manipulating Teams web requests 🔥 github.com/Octoberfest7/T… Examples of MS Teams phish lures ⬇️ 1/3