Tommy M (TheAnalyst) @ffforward
Threat Researcher @proofpoint | @Cryptolaemus1 | Joined May 2010
@malwrhunterteam Likely who we call TA4922, some details in proofpoint.com/us/blog/threat… Some outlets call them "Silver Fox APT" based on... that they, like every small-time Chinese threat actor, use WinOS 4.0/ValleyRAT where the source code was leaked... in 2022... 🤷♂️
Proofpoint threat researchers identified a new malware-as-a-service named #TrustConnect. Notably, it masquerades as a legitimate remote monitoring and management tool, marking an evolution in how attackers weaponize trust around enterprise tooling. brnw.ch/21x05Vh
Thanks to the proofpoint team for highlighting "TrustConnect Software PTY LTD". The actor got the cert hoping to look like a legitimate RMM—but in collaboration with Proofpoint—we didn't let them maintain the illusion. See Proofpoint's blog for all the details.
Would you run AdobeReader.exe from a days-old company called "TrustConnect Software PTY LTD" just because they managed to purchase an Extended Validation certificate? New blog out together with @proofpoint @threatinsight proofpoint.com/us/blog/threat…
@malwrhunterteam Bot that is installed after the stealer in this campaign for example: jeromesegura.com/malvertising/2… Exfils data > 38.244.158[.]56/contact > Trojanize Ledger (sassonco[.]com/zxc/app.zip and Trezor sassonco[.]com/zxc/apptwo.zip> above URL via installBot(homeDir, cachedPassword, botUrl)
As the security landscape evolves and expands, Proofpoint observed many threat actors disappear from email threat data in 2025. But TA584 maintained operational consistency, w/ recent shifts demonstrating its attempt to infect a broader range of targets. brnw.ch/21wZsWU
@malwrhunterteam @LogMeIn Resolve, a lot of abuse of it right now. companyid=621183840131085098
@malwrhunterteam Some similarities how the PowerShell loader works. But if I recall correctly this older thing instead used Deno to download and run Python+script, not sure I looked much deeper than that
@malwrhunterteam BTW looked at this thing back in September that likely is related: virustotal.com/gui/domain/fet… which then goes back to at least January last year.
@vxunderground @malwrhunterteam @nullableVoidPtr Nice writeup, but Smokest might not be a good name, it's likely just a campaign indicator. Example virustotal.com/gui/file/0bd1d… Fake OBS > Donut > Amadey > Various MSI > PowerShell that I have seen lead to either this or CastleRAT via Python loader, Smokest120[.]zip.
@malwrhunterteam x.com/ffforward/stat…
@LunchM0n3ey9090 Looks like Tsundere Bot?
@abuse_ch @Bitsight I suggested #WallStealer due to the calculation of wallpaper hash but if someone already has a name that's fine too 😅
Proofpoint is proud to have assisted law enforcement in the #OperationEndgame investigation that led to the Nov. 13, 2025 disruption of #Rhadamanthys and #VenomRAT—#malware used by multiple cybercriminals. Rhadamanthys: brnw.ch/21wXsCc VenomRAT: brnw.ch/21wXsCd
Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US #cybercrime #shipping #cargo #freight #trucking #rmm #fleetdeck #logmein #nable #pdqconnect #screenconnect #simplehelp proofpoint.com/us/blog/threat…
Since 14 Oct., we’ve tracked a high volume XWorm campaign targeting Germany. The activity is attributed to TA584, a sophisticated #cybercrime group tracked since 2020. Messages are sent from hundreds of compromised sender accounts impersonating ELSTER and contain malicious URLs.
Threat actors continue to abuse GitHub to deliver malware, this time: #LummaStealer. We identified GitHub notification emails that kick off the attack chain. Messages are sent when the threat actor, using an actor-controlled account, comments on existing GitHub issues. 🧵
@anyrun_app @threatinsight Thanks, and as always very impressive to see these chains run fully in a public sandbox, with all their filtering and various tricks it's very uncommon.