Andrew Pease @andythevariable
Elastic Security Labs Technical Lead. Lawful Neutral. Threat Hunting with the Elastic Stack author. Retired CW4. elastic.co/security-labs/… Joined May 2019
Tweets 514 | Followers 1K | Following 287 | Likes 3K
The attempts at environmental anti-tamper techniques to encrypt the payload were clever…just not enough. #tclbanker #ref3076
We uncovered a new Brazilian banking trojan campaign: TCLBANKER. What makes TCLBANKER notable isn’t just the malware itself, but how it spreads. The campaign uses compromised WhatsApp and Outlook accounts to propagate through trusted user relationships, deploys targeted banking
Elastic Security Labs warned that attackers are targeting crypto users through Obsidian community plugins that silently install PHANTOMPULSE malware. They lure victims into opening a shared cloud vault in the note-taking app.
points to the same Phantom panel, so convicted #PHANTOMPULSE ! h/t @soolidsnakee
LET'S GO! That first query caught another TX today. New domain! Presumably #PHANTOMPULSE. `https://gfsdjjg33jfk[.]com` eth.blockscout.com/tx/0xc27d78ce1…
Tremendous work @soolidsnakee!
"Salary Slips.exe." "Dont Delete.exe." "Important.exe." These are the filenames BRUSHWORM copies itself as when spreading across USB drives in a targeted attack on a South Asian financial institution. Elastic Security Labs uncovered two custom components working together: a
Bravo for releasing this. There's a reason these are successful: they spend a lot of resources to make them so. Putting this stuff out in the public is how we raise all ships.
‼️ The axios lead maintainer has gone public on how he was socially engineered into installing the malware behind the npm supply chain attack. We have example images showing exactly how the attack was staged.
Seeing this tool in action is fantastic, but don’t sleep on the fact that it was also released for your environment github.com/elastic/supply…
One of our researchers built an AI powered supply chain monitoring tool on a Friday afternoon. The following Monday night it caught the Axios npm compromise before most people knew it existed. Elastic Security Labs is open sourcing the tool. Full story by @dez_ here:
New blog post - prioritizing alerts triage with higher-order detection rules elastic.co/security-labs/…
Analysis of the macho malware used in the Axios supply chain compromise gist.github.com/joe-desimone/f…
We are working it, sharing what we know as of now - gist.github.com/joe-desimone/3…
Now let's talk attribution. @DefSecSentinel quickly pointed to DPRK 🇰🇵. Remarkable similarities to WAVESHAPER / UNC1069
Analysis of the macho malware used in the Axios supply chain compromise gist.github.com/joe-desimone/f…
Not to mention: @SBousseaden @RFGroenewoud @andythevariable Go follow them too, they do cool shit, constantly.
If you've not seen the work that @dez_, @DefSecSentinel and the whole @elasticseclabs team have published on Axios, you're missing out.
Speaking of finger-pointing...we're lookin' at you #UNC1069
We have discovered a massive supply chain compromise in the Axios npm package. A backdoored maintainer account delivered a cross-platform RAT for Linux, Windows & macOS, targeting the Axios package, which has ~100M weekly downloads and is in the top five most popular Node.js
Big work by the whole crew on this. Detections first, then analysis and finger-pointing.
ElasticSecurityLabs detects the Axios npm supply chain attack across Linux, Windows & macOS. Our behavioral detections caught it without relying on static indicators. Full malware analysis dropping soon: go.es.io/488UwvJ
@IceSolst This is *exactly* what I am feeling. But, after chatting with folks at [un]prompted, it felt like everyone is ahead of me. The only person I chatted with who was able to concretely describe implementation details was at Elastic, and had access to OS and AI logs.
We are tracking #clickfix campaign hosted and served by two compromised websites. Lua in-memory script loader and a #RAT that we are naming #MimicRat. A blog post will follow soon on @elasticseclabs. www.ndibstersoft[.]com d15mawx0xveem1.cloudfront[.]net xMRi[.]neTwOrk
All Python spin for the Elastic Container Project is available if anyone wants to kick the tires. Probably going to archive the Bash version at the end of 2025(ish) #elasticcontainerproject github.com/peasead/elasti…
@DanielStepanic and @elasticseclabs are keeping on top of #REF7707 and their new RAT - #NANOREMOTE
New from the developer of #FINALDRAFT: Meet #NANOREMOTE, a newly-discovered Windows backdoor that leverages the Google Drive API for data theft and payload staging. Get the full analysis and defense strategies: ela.st/nanoremote
Nasreddine Benchercha... @nas_bench
12K Followers 1K Following Detection @Splunk & @cisco | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner
Justin Elze @HackingLZ
70K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Kostas @Kostastsale
20K Followers 384 Following I like building things that solve real problems, working across cybersecurity, product, and research | 🇬🇷🇨🇦
Katie Nickels @likethecoins
55K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
Christopher Peacock @SecurePeacock
7K Followers 2K Following #PurpleTeam | Ex @RaytheonTech MSSP, @SCYTHE_IO, & @GD_OTS | Taught at BlackHat & DEFCON | #100DaysofSigma | Keep exploring, keep learning, and stay curious
Andrew Thompson @ImposeCost
41K Followers 2K Following Head of Global Signals Operations @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC.
Devon Kerr @_devonkerr_
8K Followers 767 Following Director of DE&TH @HuntressLabs and custodian of secret histories. Posts are my own.
Daniel Stepanic @DanielStepanic
1K Followers 645 Following Malwarez at @elasticseclabs | Macrodata Refinement
Matthew @embee_research
14K Followers 2K Following Security Researcher, Creating and Sharing Educational Content.
Will @BushidoToken
38K Followers 3K Following Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
Tony Lambert @ForensicITGuy
6K Followers 1K Following Recovering sysadmin that now chases adversaries instead of uptime. Sr Malware Analyst @redcanary
The Haag™ @M_haggis
10K Followers 2K Following Threat Researcher | Co-Host of Atomics on a Friday | LOLDrivers & Atomic Red Team Maintainer | I'm Everywhere and Nowhere - BSG.
James @jamesspi
1K Followers 537 Following Helping folk do security things with @elastic. Views are my own. Creator of https://t.co/FY2IQ2eAhe, https://t.co/aDuzYgUuYw, https://t.co/qz9J8Kb0v3 and https://t.co/eiiVHgqb5G
J⩜⃝mie Williams @jamieantisocial
12K Followers 7K Following threats && stuff || #UNC1799 forever 🤘|| @DistrictHeather ♥️ + 🍷, ✌️🇺🇸➡️🇫🇷 **𝚅𝚒𝚎𝚠𝚜 𝚎𝚡𝚙𝚛𝚎𝚜𝚜𝚎𝚍 𝚊𝚛𝚎 𝚖𝚈 օ𝚠𝚗**
Paul Melson @pmelson
14K Followers 1K Following Author/Operator of @ScumBots. Blue Team by day, Blue Team by night. Opinions, typos, and bad grammar do not represent my employer. He/Him
Emma coldheart @pemmav545
1 Followers 317 Following cozy, crybaby, chronically here ☁️ follow back always
Marvin Amador @kyl4nprax
67 Followers 1K Following Investigador de Seguridad (CEH | CTIA | CompTIA Network+) | Pasatiempo: Análisis de Malware y Cacería de Amenazas… Happy Hunting!!! #SISAP #MakeITsecure
CTI Updates @CTI__Updates
37 Followers 680 Following Updates about all things threat intelligence & updates about stuffs going on in the cybersec, ransomware, OSINT, SOCMINT, and hacking communities. #threatintel
PierreM @eG9kdXM
0 Followers 8 Following
isenhu @isenhu
33 Followers 3K Following
Mahmoud @MahmoudSoheem
0 Followers 334 Following
T G @arcaan_5
54 Followers 2K Following Listening is strength. Silence is foundation. Justice grows from peace. 🜁👁️
whathehack81 @whathehack81
68 Followers 722 Following Red_team analyst, senior security research, and architecture. Cybersecurity professional MBA computer and networking sec
Silas Cutler (p1nk) @silascutler
14K Followers 2K Following You may know me from your logs Principal Security Researcher @Censysio #Threats / #CTI / #Malware / #Hacking
TM @Thandaninkosi
72 Followers 948 Following
OneWildSoul @OneWildSoul1
18 Followers 975 Following
Tyler @twoj0
1 Followers 211 Following
Eric Freeman @eric_m_freeman
58 Followers 602 Following I’m in security. I used to cook professionally. I am clearly a masochist because of my career choices. Desperately trying to avoid the perma-underclass.
alex @alex95425594
3 Followers 313 Following
David Perez @anakinswal
298 Followers 2K Following |#CC |#CTIA |#ECIH |#eCTHP|#eCIR |Intel Ops Padawan |All systems are vulnerable (People2) |PurpleTeam addict👾 |Retrato atardeceres 🌅 |Destilo gin🍸|Cultivo 🍄
prakhar gupta @gupta_prakhar96
14 Followers 1K Following
terrence @tstank
464 Followers 4K Following Father, Runner, Linux Admin, TurboNerd, USMC Veteran, Aspiring Security Pro.
Willem D'Haese @willem_dhaese
12 Followers 1K Following Private account. All opinions expressed here are mine only (not of my employer etc).
Charles Bolton @Charles97778737
11 Followers 705 Following
Orhan Duz @orhanduz
759 Followers 4K Following
Welch Sec @wwwelchsec
39 Followers 1K Following I post honeypot data. 🍯 These are observed connections and not confirmed attackers. IPs may be compromised systems or researchers. Sharing for threat intel.
Fahad AL Mekhlafi @almekhlafifahad
318 Followers 1K Following Innovation | Digital & AI Transformation | Research & Development | Academic Publishing | GRC | Entrepreneur | Cybersecurity | IoT | Enterprise Architecture
Cillian Fagan @cillian_fagan
99 Followers 4K Following Sec Enthusiast | I like my priv@cy 🐧 and heavy music 🤘
Hossam @0xHossam
1K Followers 2K Following AdvSim / Red Team @CyShieldCompany | interested in malware & windows security research
Pandurang Terkar @PandurangTerkar
16 Followers 282 Following
Sathwik Ram Prakki @PrakkiSathwik
2K Followers 1K Following Security Researcher @GroupIB_TI | APT Hunting | Malware/RE | Threat Intelligence | Darkweb/CTI | Opinions are my own | Ex-@Seqrite/@quickheal
Geng Yang @geng_zast
49 Followers 536 Following Co-founder & CEO @zast_ai 50% Builder 🛠️ & 50% Breaker 💥| Building the immunity system for code | AI-Powered Vuln Research | Zero False Positives. 📍Bellevue
NotThing @Merisnotreal
11 Followers 582 Following
egre55 @egre55
4K Followers 2K Following Founder @PwnedLabs | Real-world cloud attack and defense tradecraft
Sebastian Eric @EricSebast5636
51 Followers 567 Following Affirmed health/wealth/self elevation.👁️ Message from the Universe spiritual Awakening, Universe Guidance Sending Healing Energy, Follow the light 💥
𝔻𝕖𝕩𝕥... @0xdxz
4 Followers 439 Following
Khush @Khushalchopra5
3 Followers 561 Following
Oppe ☣︎ @Oppenheim3r
118 Followers 592 Following
vx-underground @vxunderground
436K Followers 356 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Nasreddine Benchercha... @nas_bench
12K Followers 1K Following Detection @Splunk & @cisco | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner
Elastic @elastic
65K Followers 182 Following Where developers learn, build, and share. Your source for hands-on demos, cheat sheets, explainers and more.
Kostas @Kostastsale
20K Followers 384 Following I like building things that solve real problems, working across cybersecurity, product, and research | 🇬🇷🇨🇦
Unit 42 @Unit42_Intel
69K Followers 81 Following The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Mehmet Ergene @Cyb3rMonk
14K Followers 451 Following Learn Threat Hunting, Detection Engineering, DFIR, and KQL https://t.co/uAlYlXIXot @BluRavenSec Microsoft Security MVP #ThreatHunting #DataScience
Michael Koczwara @MichalKoczwara
25K Followers 2K Following Threat Researcher/Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/VQWaze6gaF
Thomas Roccia 🤘 @fr0gger_
35K Followers 2K Following AI Security x Threat Intel · Threat Researcher · Creator of #Unprotect & #NOVA · Malware Warlock · Python 🧡 · Prev @Microsoft @McAfee_Labs
blackorbird @blackorbird
42K Followers 703 Following Peace and Love. Just Analysis/Hunter/Youtuber/AiCoder/Entrepreneur/. #APT #threatIntelligence #Exploit #CTI #meme #cyber #hacker #OSINT #Ai Need Remote Job
Katie Nickels @likethecoins
55K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
Andrew Thompson @ImposeCost
41K Followers 2K Following Head of Global Signals Operations @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC.
SwiftOnSecurity @SwiftOnSecurity
409K Followers 9K Following computer security person. former helpdesk.
Dave Kennedy @HackingDave
231K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
MalwareHunterTeam @malwrhunterteam
254K Followers 37 Following Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
The DFIR Report @TheDFIRReport
67K Followers 0 Following Real Intrusions by Real Attackers, the Truth Behind the Intrusion
Germán Fernández @1ZRR4H
38K Followers 464 Following 🏴☠️ OFFENSIVE-INTEL 🏴☠️ Cyber Threat Intelligence by Hackers | Security Researcher at https://t.co/rDrSxZStZD | @CuratedIntel Member | 🥷🧠🇨🇱
hasherezade @hasherezade
90K Followers 952 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
App Economy Insights @EconomyApp
237K Followers 390 Following • App Economy investor • French in Silicon Valley • Gaming industry veteran • Previously @PwC & @BandaiNamcoUS • 300K+ read my newsletter How They Make Money
This You? @Thiss_Youu
223K Followers 22 Following There's always a tweet. DM me for submissions or collabs
The North Korean Comp... @dprkcert
4K Followers 1K Following Defend Tomorrow, Secure Today! Official Computer Emergency Response Team (CERT) for the Democratic People's Republic of Korea #EnjoyPropaganda
Midjourney @midjourney
417K Followers 0 Following A community supported research lab - exploring new mediums of thought and amplifying the imaginative powers of the human species.
۟ @dryhumpmemommy
12K Followers 194 Following pro wrestling enjoyer. deftones/three days grace appreciation page. stay away from love. turn on notis #LetEmKnow
Adhithya Suresh Kumar @amun_rha
685 Followers 1K Following Detection Engineer @SentinelOne | Reverse Engineer | Former Lead & CTF Player @teambi0s
tonghuaroot @tonghuaroot
468 Followers 4K Following Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #OSEP #MSCS #RedTeam #AppSec #WebSec
MagicSword @magicswordio
1K Followers 30 Following It Ends with Us! ⚔️Watch 📺 https://t.co/zofSxbxVDA Follow 🥷 https://t.co/kGRIGi9ayg Read 📓 https://t.co/BowPLUlcB0
MA5K CEO @Nobbie_OCs
63K Followers 2K Following OCs and Fictional military art posting DM for credit/removal (sorry in advance) PFP by @WolfdawgArt Sources in alt text
Simone Margaritelli @evilsocket
48K Followers 2K Following Music, cybersecurity, open source and AI • Author of bettercap, pwnagotchi, opensnitch, bleah, legba and a few other things. Chief Architect @ 🥷
Luke Miller @CloudSecLuke
64 Followers 577 Following Husband, Father | @usairforce Veteran | Senior Security Engineer | Volunteer @OhioCyber | Founder @codebridgecincy – building bridges in tech & community
Conspiratorial Templa... @mynamehear
24K Followers 7K Following They did it. You know who. THEM. Vote blue. Democracy vs. dictatorship should not be a difficult choice.
security_dumpster @securitydumpstr
140 Followers 336 Following 303: @ https://t.co/I4aYuNOKKY Life long snowboarder and opportunist threat hunter | my views are my own
Morgan Demboski @MorganDemboski
1K Followers 691 Following Cyber Threat Intel Analyst 🏹 @Sophos | A self-proclaimed expert in cyber & geopolitics (opinions = my own)
Mudge @dotMudge
63K Followers 336 Following Make a dent in the universe. Find something that needs improvement: go there and fix things. If not you, then who? {he/they}
Shooter McGavin @ShooterMcGavin
2.1M Followers 68 Following Former #1 golfer in the world and an all-around bad guy.
Star Wars Holocron @sw_holocron
242K Followers 3K Following Hub for Star Wars news, reviews, trivia & more! Other accounts: @mar_tesseract @DCMotherbox @horrornecronom @theHolofiles. Contact: [email protected]
Daniël 💫 @senattoramidala
1K Followers 488 Following Revenge of the Sith enthusiasts 🚀 met Hayden Christensen 1x • he/him • swagmin follows 🫶 #YordHorde
Vader's Order @VadersOrder
22K Followers 625 Following • Star Wars YouTuber (500k+) • For business inquiries: [email protected]
ADHD Memes @ADHDForReal
381K Followers 206 Following Sharing our neurodivergent experiences helps us realize that we are not alone. Most memes are on ADHD, some are on Autism and others are just me being silly.
Julian-Ferdinand @JulianVoeg
842 Followers 411 Following Threat Research @RecordedFuture. Formerly @SecReLabs. He/Him. 🏳️🌈 [email protected]
Aleksandar Milenkoski @milenkowski
2K Followers 590 Following Cyber Threat Intelligence & AI Innovation | PhD | European Commission Marie Curie Research Fellow 2011-2014 | Personal Profile
shirts that go hard @shirtsthtgohard
1.3M Followers 939 Following Check the link in bio to shop our shirts :) Designs I sell are my own. DM for credit! I tag original creators whenever possible. We’re @/goodshirts on IG!
wild bumper stickers @wildbumper
175K Followers 5 Following
Dark Web Informer @DarkWebInformer
215K Followers 76 Following One guy. Global cybercrime. Tracked so you don't have to. Ransomware, data breaches, dark web activity, darknet markets, IOCs & emerging threats. Stay informed!
Eman Esfandi @EmanEsfandi
23K Followers 77 Following All that I do, I do with love… ya heard! @dragonwulf_army
𝓔𝓶 ♡ @emkenobi
71K Followers 502 Following ur favorite egirl with incredibly based opinions. | also @emsferatu & @notemkenobi
Caleb 💥📽 @Indyoda013
2K Followers 1K Following Dave Filoni of TikTok | Skeleton Crew Guy | Aussie Creator | ✉️ = [email protected]
QG Jenna 🖤 @QuiGonJenna
11K Followers 4K Following Hi, I'm Jenna. 🖤 Late thirties. Mom. More than a little obsessed with the galaxy far, far away. ✨ (she/her) We celebrate all Star Wars here. 🫶
gilly⁵⁰¹ 💌 ma... @ahsokasgoggles
6K Followers 3K Following #THEBADBATCH — eyes full of stars, hustling for the good life 💫🌚🪐 star wars lover | new york rangers + anaheim ducks enthusiast | taylor swift listener
chompie @chompie1337
88K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
Phone Wallpapers @PhoneWaIlpapers
1.1M Followers 0 Following Best Phone Wallpapers on the internet | DM for inquiries/credit