Curated Intelligence

@CuratedIntel

12,882
Followers
107
Following
36
Media
435
Statuses

Bringing together intelligence researchers and incident responders. #TrackThePlanet

Joined September 2020
@CuratedIntel
Curated Intelligence
2 years
⚠ A well-known Initial Access Broker (IAB) on a cybercriminal underground forum has reappeared after a several month hiatus, now offering a 0day RCE vulnerability, as well as domain admin access, and network hacking services #cti #cybercrime #threaintel
13
137
356
@CuratedIntel
Curated Intelligence
2 years
🇷🇺 OSINT on REvil In this feature, @SttyK shares geolocation reports related to the #REvil ransomware gang. In January, Russia's #FSB announced the arrest of some REvil ransomware gang members; the raid videos reveal some of their home addresses. 🔗
2
95
305
@CuratedIntel
Curated Intelligence
2 years
Curated Intel is working with analysts from around the world to provide useful information to organisations in #Ukraine looking for additional free threat intelligence feeds. The CI community will update this repository as the situation progresses.
3
94
212
@CuratedIntel
Curated Intelligence
3 months
⚠️PSA: Curated Intel DFIR teams noticed a severe uptick in Akira Ransomware cases in Jan 2024. Same repeated TTPs:
- Dwell times of < 4 hours on average
- Cisco ASA VPN for Access
- WinSCP for exfil / WinRAR for compression
- AnyDesk RMM for persistence
- 'w.exe' Akira payload
5
65
191
@CuratedIntel
Curated Intelligence
3 years
Learn about the Initial Access Broker (IAB) space with this new visual! Created by @TrevorGiffen with notable peer review from the @CuratedIntel community🌀 🔗Blog: 🔗PNG: 🔗SVG: #CTI #IAB #AccessBrokers
2
87
166
@CuratedIntel
Curated Intelligence
2 years
🇺🇦 Curated Intel now tracks Ukrainian personal data shared on underground forums. We added a 'data brokers' table to our Repo. We have documented ~89 instances of Ukrainian data being shared/discussed on underground forums since December 1, 2021. 🔗
3
51
137
@CuratedIntel
Curated Intelligence
7 months
🌐 Curated Intel is tracking hacktivist, cybercriminal, and regional APT groups surrounding the war in Israel. We describe the types of campaigns and attacks we've observed so far and have also provided recommendations for CTI analysts monitoring the war.
2
53
121
@CuratedIntel
Curated Intelligence
2 years
We centralized most #Log4Shell IOCs in one place!
CSV #1 — 11 feeds (MISP):
CSV #2 — AV OTX pulses (MISP):
CSV #3 — validated IOCs (ETAC):
Curated by: @TrevorGiffen @0xDISREL @BushidoToken @MISPProject
2
55
117
@CuratedIntel
Curated Intelligence
2 years
🌐 Curated Intelligence is sharing a new resource we created for those of you looking to learn more about #CyberThreatIntelligence . This includes a collection of essential reading material & helpful projects created by other #CTI professionals
1
40
115
@CuratedIntel
Curated Intelligence
3 years
@vxunderground
vx-underground
3 years
Grief ransomware group has ransomed the National Rifle Association (NRA).
34
176
701
5
8
66
@CuratedIntel
Curated Intelligence
11 months
📣 With the help of Equinix Threat Analysis Center (ETAC)™️ team and the Curated Intel community we have created a GitHub repository to assist with tracking the MOVEit Transfer Hacking Campaign
1
55
109
@CuratedIntel
Curated Intelligence
2 years
🇧🇾 Curated Intel member, @SttyK , asked Cyber-Partisans to share a malware sample from the ransom of Belarusian Railway; they sent an incident response report revealing a past compromise of Belarus' Academy of Public Administration. We investigated. 🔗
4
45
97
@CuratedIntel
Curated Intelligence
1 year
🔎 With the Help of Curated Intel member @SimulationKYLE , our curated Ukraine Cyber Operations repo has been updated with all pertinent threat reports!
0
44
94
@CuratedIntel
Curated Intelligence
2 years
Nightmare Before Christmas - Curated Intel's Response To Log4Shell
We gathered #Log4Shell intelligence in one place:
- IOC sources
- Threat feeds
- Threat reports
- Threat profiles
- Threat groups
- Affected products
Read our story: 🔗 #TrackThePlanet
2
46
90
@CuratedIntel
Curated Intelligence
2 years
On 2022-01-24, the group 'Belarusian Cyber-Partisans' claimed responsibility for an attack against Belarus' national railway company. An objective of the attack, they claimed, was aimed at hindering Russian troop movements inside Belarus. Today, they may have stopped trains.
@vxunderground
vx-underground
2 years
Today the Belarusian Cyber-Partisans group ( @cpartisans ) staged a cyber attack against the Belarusian railway infrastructure, designed to halt Russian military movements. Trains stopped in Minsk, Orsha, and Osipovichi. The railway system uses Windows XP. Image via @cpartisans .
42
742
3K
1
31
85
@CuratedIntel
Curated Intelligence
2 years
We thank ETAC (Equinix Threat Analysis Center), particularly @BushidoToken , for today's GitHub repository contributions:
- Added Russian Cyber Operations Against Ukraine Timeline
- Added Vetted and Contextualized IOCs
🔗
0
37
83
@CuratedIntel
Curated Intelligence
2 years
Thank you @CISAgov for recommending @CuratedIntel as a resource in your advisory for threat hunting #Log4Shell during DFIR procedures! Our team is very proud of this accomplishment. 🔗 Mitigating Log4Shell and Other Log4j-Related Vulnerabilities:
0
25
84
@CuratedIntel
Curated Intelligence
1 year
Enjoy the first Curated Intelligence blog of the year! All about analyzing databases from DDoSaaS platforms! Quite interesting following the recent action by international LEAs around Christmas time. 🔗 #cti #cybercrime #ddos #database #infosec
0
19
70
@CuratedIntel
Curated Intelligence
11 months
New Curated Intel Blog - CL0P likes to MOVEit MOVEit 🔗
1
22
64
@CuratedIntel
Curated Intelligence
3 months
Our friends at CSIRT-CTI have published their first new blog, stay tuned for more APT research from them!
0
18
63
@CuratedIntel
Curated Intelligence
1 year
New Curated Intel Community blog! The Difficulties and Dubiousness of Darkweb Data Leaks Sites 🔗 #CTI #cybercrime #Ransomware
0
22
51
@CuratedIntel
Curated Intelligence
2 years
We expected RaaS, it was a question of time. Some affiliates of the Ransomware-as-a-Service (RaaS) group — #Conti — are observed exploiting #Log4Shell . RaaS observations will increase and media pages will report on them; at Curated Intel, our updates on Github will remain clear.
1
18
51
@CuratedIntel
Curated Intelligence
2 years
We added a new 'IOC Threat Hunt Feed', for threat groups recently targeting Ukraine, to our repo. Courtesy of @RecordedFuture ; we converted their feed to MISP-CSV format, and also added contextual tagging.
0
22
49
@CuratedIntel
Curated Intelligence
2 years
🔐Reversing Rook Ransomware In this feature, @cPeterr shares findings after reverse engineering an emerging ransomware family dubbed Rook. He identified encryption methods; notably, Rook borrows some of the code from the leaked Babuk V3 source code. 🔗
0
17
49
@CuratedIntel
Curated Intelligence
2 years
🕒 The Long Game of Cyber Threat Intelligence In this community feature, @michael_deebo expresses his views on what he calls the "CTI long game" and how CTI teams, as a core component of many security teams, should approach it and why it matters. 🔗
0
14
44
@CuratedIntel
Curated Intelligence
2 years
New blog by @bushidotoken following a productive discussion with Curated Intelligence members on threat group naming schemes and why they are important
@BushidoToken
Will
2 years
#CTI #Attribution : I find it odd when other vendors hijack CrowdStrike’s original naming scheme for APTs 🇮🇷 RampantKitten, DomesticKitten, FoxKitten, FerociousKitten 🇨🇳 TwistedPanda, ViciousPanda, SharpPanda These were not named by CrowdStrike, but by 🇮🇱 or 🇷🇺 vendors 🤔
7
12
74
0
15
40
@CuratedIntel
Curated Intelligence
10 months
🚨 Curated Intel observed an adversary on a Russian-speaking cybercrime forum (XSS) offering alleged access to SSH Logins for an Industrial Automation system. ⚠ This is cause for alarm for ICS/OT admins around Initial Access Brokers (IABs) seeking access to industrial tech.
0
26
42
@CuratedIntel
Curated Intelligence
2 years
🇺🇦 We feel for the people of Ukraine. We do hope to help. Curated Intel is assessing the resources available to us. We are determining how cyber threat intelligence can be coordinated to support Ukrainian organizations and their allies. Please keep up the good work, everyone.
0
9
38
@CuratedIntel
Curated Intelligence
10 months
🌐 Additional updates to the Curated Intel GH tracking MOVEit exploitation Up to 30 new victims added in July, thus far. See our repo tracking the progression of uploads by CL0P as well as victim disclosures. Also, follow @BrettCallow for updates too
2
17
34
@CuratedIntel
Curated Intelligence
2 years
There is an ongoing campaign creating mass amounts of pro-Russian political propaganda, written in Chinese, via GitHub issue reports. These messages criticize open-source projects/maintainers for supporting Ukraine, including our 'Ukraine Cyber Operations' repo.
3
15
34
@CuratedIntel
Curated Intelligence
2 years
Curated Intel members have solved the confusion around unconfirmed "new ransomware" being deployed via #Log4Shell . This ransomware is named "TellYouThePass", it mostly attacks Chinese systems, and it does not operate using the feared RaaS model. Details:
@80vul
heige
2 years
[Bad news] Ransomware has landed on #log4j2 RCE
23
457
824
1
15
35
@CuratedIntel
Curated Intelligence
2 years
🔐 Curated Intel member, @1ZRR4H , observed QNAP ransomware events being reported via IoT search engines, including Shodan and Censys. 🔗 Shodan (1160 events): 🔗 Censys (3687 events): Tip: use country tags to search by country.
1
11
32
@CuratedIntel
Curated Intelligence
2 years
A screenshot from the BazarBackdoor botnet panel used by the Conti ransomware group, observed by @1ZRR4H .
@1ZRR4H
Germán Fernández
2 years
Presenting 🥁.... the panel of the #BazarLoader aka #BazarBackdoor botnet used by the Conti Ransomware operators 🔥🔥🔥 608 unique domains extracted from the bots section (possibly compromised companies) 🌶️ [+] #ContiLeaks 🕵️‍♂️
5
67
160
0
14
30
@CuratedIntel
Curated Intelligence
2 years
🔒 Curated Intel Community Feature: @cPeterr shares his findings after reverse engineering PLAY ransomware's code obfuscation and encryption features 🔗 #CTI #ThreatIntel
0
17
29
@CuratedIntel
Curated Intelligence
2 years
🌍 Curated Intel continues to provide OSINT situational awareness updates on the #WarInUkraine . Threat reports from the start of June 2022 have been added:
0
18
29
@CuratedIntel
Curated Intelligence
2 years
At that time, a member of Curated Intel, @SttyK , reached out to the group. The Belarusian Cyber Partisans shared documents related to another hack, and explained that [we] would “understand some of the methods used.” We wrote a report, to add context:
1
9
27
@CuratedIntel
Curated Intelligence
2 years
🛰️ #GEOINT on Russian Military at the Border of Ukraine CI's Eye in the Sky @rag_sec investigates what #Russia is potentially bringing to the fight if (or when) they invade #Ukraine 🔗
0
12
26
@CuratedIntel
Curated Intelligence
2 years
We are monitoring #Spring4Shell and will report on it once we can do so with clarity.
0
3
26
@CuratedIntel
Curated Intelligence
2 years
We thank KPMG-Egyde's CTI team, particularly @0xDISREL , for their GitHub repository contributions:
- Added Ukraine-Russia IOC Threat Hunt Feeds
- Updated Log4Shell IOC Threat Hunt Feeds
The IOCs are formatted as MISP-CSV, useful for indicator sweeps. 🔗
2
10
26
@CuratedIntel
Curated Intelligence
3 years
ℹ️ CI Chat E03 - Conti Ransomware "The playbook for Conti was recently leaked by an affiliate, but what does that mean for enterprise operations and defenders?" 🎤A special thank you to everyone who participated! 🔗Available on Spotify, etc: #Conti #RaaS
2
11
23
@CuratedIntel
Curated Intelligence
2 years
We collectively express gratitude to @campuscodi for keeping everyone updated on the latest cybersecurity news! Reporting that is both accurate and swift is no easy feat, especially spanned over many years. Congratulations on your success, Catalin — enjoy this break!
0
8
25
@CuratedIntel
Curated Intelligence
2 years
ICYMI @CuratedIntel analysts continue to update our GitHub repo with useful threat intel and resources for organizations in #Ukraine
@CuratedIntel
Curated Intelligence
2 years
Curated Intel is working with analysts from around the world to provide useful information to organisations in #Ukraine looking for additional free threat intelligence feeds. The CI community will update this repository as the situation progresses.
3
94
212
0
10
23
@CuratedIntel
Curated Intelligence
2 years
📷 BlackVue dashcam privacy leaks disclosed In this feature, @ZephrFish uncovered a concerning private information leak in BlackVue vehicular dashcams. Anyone with the app can find vehicles broadcasting their geolocation and monitor the dashcam footage. 🔗
0
13
22
@CuratedIntel
Curated Intelligence
10 months
🌐 The Threat Actor Profile Guide for CTI Analysts
@BushidoToken
Will
10 months
We did a thing! Freddy M and I have worked since early 2023 on a side project to create: _The Threat Actor Profile Guide for CTI Analysts_ We hope the wider #CTI community finds this as helpful as the @CuratedIntel members. 🔗 🔗
9
138
357
0
7
22
@CuratedIntel
Curated Intelligence
2 years
🌍 Curated Intel continues to track malicious cyber activities related to the #UkraineRussiaWar find out what happened in May 2022 here:
0
13
22
@CuratedIntel
Curated Intelligence
2 years
💰 Curated Intel member, @Bank_Security , shared an overview of the most commonly advertised information related to financial institutions on the Dark Web in 2021. He notes that cybercriminals are most focused on acquiring databases via the underground. 🔗
0
10
23
@CuratedIntel
Curated Intelligence
1 year
Merry Christmas and Happy Holidays from the Curated Intelligence team! 🎄❄️🎁
1
3
22
@CuratedIntel
Curated Intelligence
3 years
Conti Leaked Playbook TTPs, by @0xDISREL 🔗
1
6
20
@CuratedIntel
Curated Intelligence
2 years
We added a new 'IOC Threat Hunt Feed', for recently registered Ukrainian domain names, to the 'Ukraine Cyber Operations' repo. Courtesy of @DomainTools ; we converted their feed to MISP-CSV format, and also added contextual tagging (h/t @0xDISREL ). 🔗
@DomainTools
DomainTools
2 years
@CuratedIntel Thank you for including the feed in your GitHub repo! We are always happy to help.
0
0
3
0
8
19
@CuratedIntel
Curated Intelligence
3 years
We were honored to have three Curated Intelligence members take part in the CTI panel "Threat Report Roulette" which was live streamed by the Blue Team Village at DEFCON29: @BushidoToken , @0xDISREL and @Ch33r10
2
5
17
@CuratedIntel
Curated Intelligence
2 years
Members of the Curated Intel community assisted in adding a new TTP to the MITRE ATT&CK framework
@BushidoToken
Will
2 years
Happy to see that ETAC research added T1608.006 to @MITREattack v12! Big thanks to @jamieantisocial for collaborating on this one with us.
19
4
39
0
4
17
@CuratedIntel
Curated Intelligence
2 years
We are actively tracking emerging Log4j threats within the Curated Intel community:
- Added analyst notes to add contextual insight about IOC usability and reliability.
- Exploring centralizing all IOC sources in a daily threat hunting feed (format: CSV, MISP).
@CuratedIntel
Curated Intelligence
2 years
Members of Curated Intel have compiled a public list of IOC feeds and threat reports focused on the recent Log4Shell exploit targeting CVE-2021-44228 in Log4j.
5
220
509
0
7
16
@CuratedIntel
Curated Intelligence
2 years
This week, we will update the #Log4Shell threat hunt feeds to include IOCs not captured since our last update. Since we set IOC retention to 90 days, it is a good time to update: ~90 days have occurred since that crisis blew up. cc @0xDISREL
@HaboubiAnis
Anis Haboubi |₿|
2 years
@matthieugarin @CuratedIntel is it just me or has everyone forgotten #log4hell .. is it just me or do few people understand that they have been in their networks for weeks .. and when it blows up it is going to hurt very, very badly ... Some of the targets that have already been hit ..
2
14
18
3
4
14
@CuratedIntel
Curated Intelligence
2 years
We are working with corporate collaborators to prepare centralised, all-encompassing threat hunt feeds. We will be prepared to publish them next week. "Slava Ukraini. Glory to Ukraine."
0
2
13
@CuratedIntel
Curated Intelligence
8 months
Pure facts #CTI
@uuallan
Allan “Ransomware Sommelier🍷” Liska
8 months
@BushidoToken @aejleslie @Gi7w0rm @AlvieriD @AJVicens @kevincollier @ddd1ms The thing that makes this profession hard sometimes is that victims lie about attacks, the criminals are lying pieces of shit, and randos on Twitter lie about what they know. Trying to get through the lies to the truth is a big challenge.
1
1
16
0
0
12
@CuratedIntel
Curated Intelligence
3 years
The first Curated Intelligence podcast episode is now available! Join @SteveD3 @InfoSec_Pom @TrevorGiffen & others to discuss:
- Endpoint detection & response (EDR)
- Free and open-source software (FOSS)
- Strategic vendor considerations
#EDR #FOSS #CTI
1
8
12
@CuratedIntel
Curated Intelligence
3 years
ℹ️ Check out these Community Features from the @CuratedIntel crew! Featuring @0xDISREL @cPeterr @AltShiftPrtScn @BushidoToken
1
5
11
@CuratedIntel
Curated Intelligence
2 years
The ID-Ransomware (IDR) analysis of @PolarToffee , cross-validated with a ransom note analysis of @nokae8 , indicates that #TellYouThePass ransomware has been deployed after exploiting #Log4j2 (CVE-2021-44228).
@PolarToffee
Toffee
2 years
@GossiTheDog @80vul On IDR, we've seen a very sudden spike in submissions for what is a very old ransomware (TellYouThePass) today. Not saying they are using log4j2 but that's certainly interesting.
0
2
18
1
5
11
@CuratedIntel
Curated Intelligence
2 years
🎤 Curated Intel member, @euphoricfall , will be speaking about the importance of human networking in the CTI industry. The presentation takes place on January 28 and requires pre-registration for the SANS CTI Summit, which is free:
@euphoricfall
Grace
2 years
Catch me this Friday at the @SANSInstitute CTI Summit to talk about the current state and potential of CTI networking. Here's a teaser of the research findings I'll be revealing for the first time 👇
3
14
71
0
3
11
@CuratedIntel
Curated Intelligence
2 years
@vxunderground @TheDFIRReport @tmpout Thank you! We appreciate you, too. Many of our members use @vxunderground 's resources to further their research and to make the world a safer place.
0
1
11
@CuratedIntel
Curated Intelligence
2 years
In one "issue" report, the new GitHub account "ChinaLoverussia" (created today) has lots to say. Shortly after we closed the issue, the issue was deleted, and their account disappeared. Disclaimer: stating the obvious here, but this is false Russian propaganda.
1
3
11
@CuratedIntel
Curated Intelligence
6 months
Come along to the first ever Curated Intel workshop. There will also be prizes for the best profile! #CTI
@BushidoToken
Will
6 months
My upcoming CTI workshop: 'Keep Your Enemies Closer: How to Profile and Track Threat Actors' at #BSidesLondon2023 is live!
4
28
164
0
1
9
@CuratedIntel
Curated Intelligence
2 years
Latest Sandworm attack used an ICS-capable malware as well as regular disk wipers for Windows, Linux and Solaris
@_CERT_UA
CERT-UA
2 years
Russian related #UAC0082 ( #Sandsworm ) cyberattacks on Ukrainian power grid using #INDUSTROYER2 and #CADDYWIPER variants More information at the link:
2
103
167
0
2
9
@CuratedIntel
Curated Intelligence
2 years
Thanks for the mention, @MISPProject ! New folder:
Nice set of indicators for #Log4Shell in @MISPProject standard format from @CuratedIntel
2
32
65
0
3
9
@CuratedIntel
Curated Intelligence
2 years
Curated Intel members, @SteveD3 and @BushidoToken , go on record to discuss what we know about the 'Belarusian Cyber Partisans' and their targets. Thank you @AJVicens for covering this story.
@CyberScoopNews
CyberScoop
2 years
Details emerge on hack of Belarusian Railways and the group behind it by @AJVicens
0
3
5
0
8
8
@CuratedIntel
Curated Intelligence
2 years
We do a little trolling
1
0
7
@CuratedIntel
Curated Intelligence
2 years
Potential cyberattacks observed surrounding the tension between the US and China over Taiwan, worth CTI keeping an eye on the situation
@tingtingliuTVBS
Tingting Liu 劉亭廷
2 years
BREAKING: Taiwan’s Presidential Office just confirmed that at around 17:15 local time, the Presidential Office’s website was hit by an overseas DDoS attack. The attack traffic was 200 times that of a normal day, causing the official website to be down for 20 minutes. (1/2)
261
4K
13K
0
6
8
@CuratedIntel
Curated Intelligence
3 years
For our first blog, learn with the diligent @BushidoToken about leveraging VirusTotal for threat investigations (report interpretation, mapping relationships in graphs, et al.)! #TrackThePlanet #VirusTotal #CTI
0
5
7
@CuratedIntel
Curated Intelligence
2 years
Keep up with the Twilio breach with this awesome thread by @JCyberSec_
@JCyberSec_
Jake | JCyberSec_
2 years
⚠️So you have heard about the Twilio breach? SMS #phishing messages were sent to Twilio staff resulting in multiple employee accounts being compromised 📱 🥷Threat actors then accessed 163 customers resulting in further compromise Here is a timeline of events... Thread🧵⤵️
3
60
134
0
4
7
@CuratedIntel
Curated Intelligence
3 years
Analysis of Mercenary APTs, by @BushidoToken 🔗
0
2
7
@CuratedIntel
Curated Intelligence
11 months
Great list by Pulsedive! Check it out
@pulsedive
Pulsedive Threat Intelligence
11 months
A roundup of conferences you don't want to miss
0
9
11
0
0
7
@CuratedIntel
Curated Intelligence
3 years
On the note of #ransomware decryption, @emsisoft 's team is setting the stage for good practices 🙏 @fwosar published a blog explaining their decryption campaign, helping many #BlackMatter victims recover 💙 More: 🔗 🔗
@CuratedIntel
Curated Intelligence
3 years
You figured out how to #decrypt a #ransomware through a cryptographic flaw. You want to help as many victims as possible. You want to make a good decision. So... what's next? Researcher @BushidoToken lays out five real-world scenarios of what's to come!
0
3
5
0
2
6
@CuratedIntel
Curated Intelligence
3 years
#TrackThePlanet 🌎🌏🌍
0
0
6
@CuratedIntel
Curated Intelligence
3 years
ℹ️ Join the crew @CuratedIntel and @TechniOutcast for a discussion about ransomware. 🔊 A special thank you to @SteveD3 for hosting and @fwosar @PolarToffee @InfoSec_Pom @TrevorGiffen for discussing ransomware discovery, best practices, mitigations, ransom payments, and more!
@SteveD3
Steve Ragan ⚠️
3 years
On Friday, I had a chat with the folks at @CuratedIntel on Discord about ransomware. We wrapped just as news of the #KaseyaVSA / #REvil attack broke. Here is a clip from that conversation, focusing on ransomware deployment. Full episode is live now:
1
2
6
0
3
6
@CuratedIntel
Curated Intelligence
2 years
Use for #Log4Shell threat hunting, not for blocklisting! CSV #1 + CSV #2 are medium confidence; false positives exist, as they are unfiltered curations kindly provided by @KPMG CTI. CSV #3 is high confidence; the feed is a filtered curation kindly provided by @Equinix ETAC.
1
1
6
@CuratedIntel
Curated Intelligence
3 years
On this note, thank you to @uuallan and @pancak3lullz for preparing the CVE chart in the bottom-right corner 🙏
0
0
6
@CuratedIntel
Curated Intelligence
3 years
Our team at Curated Intelligence have created a blog for you to follow We will share everything from general insights to tips & tricks for threat analysts, researchers, and responders!
1
3
5
@CuratedIntel
Curated Intelligence
2 years
Thanks @jakecreps !
@jakecreps
Jake Creps
2 years
If you’re responsibly looking into #OSINT about Ukraine/Russia, here’s a resource of publicly available cyber threat intelligence sources. Created by @CuratedIntel Includes threat reports and related vendors
2
78
161
0
0
5
@CuratedIntel
Curated Intelligence
3 years
Reverse Engineering Dridex, by @cPeterr 🔗
1
1
5
@CuratedIntel
Curated Intelligence
2 years
This table focuses on data brokers. We will next assess the feasibility of tracking access brokers.
0
1
5
@CuratedIntel
Curated Intelligence
3 years
You figured out how to #decrypt a #ransomware through a cryptographic flaw. You want to help as many victims as possible. You want to make a good decision. So... what's next? Researcher @BushidoToken lays out five real-world scenarios of what's to come!
0
3
5
@CuratedIntel
Curated Intelligence
3 months
@MHiemer22 Technical details available here: 1. 2.
0
0
5
@CuratedIntel
Curated Intelligence
2 years
Curated Intel is just one of several trust groups in the industry. However, we do hope that by documenting our experience of how we responded to #Log4Shell , we can help other groups organize themselves and contribute to the wider community.
1
0
5
@CuratedIntel
Curated Intelligence
2 years
Lastly, we'd like to thank @Myrtus0x0 for pulling the Java class file and collaborating with @nokae8 to see this analysis through.
1
0
4
@CuratedIntel
Curated Intelligence
2 years
@MISPProject Thank you for sharing! We love MISP and its future. FYI, we moved the feeds to a new folder per a new naming schema.
0
0
4
@CuratedIntel
Curated Intelligence
2 years
On 2021-12-20 [2/2], Curated Intel members parsed @AlienVault OTX to be MISP compatible with the help of the @KPMG team (Egyde CTI). Pertinent IOCs are stored on OTX that are not covered by the other 11 holistic sources. 🔗 h/t @0xDISREL @TrevorGiffen
1
2
4
@CuratedIntel
Curated Intelligence
2 years
This was first confirmed in the Chinese-speaking security community, but not the English-speaking security community. Sangfor Threat Intel Team captured TellYouThePass ransomware samples and conducted an analysis, deployed via the #Log4Shell exploit.
1
0
4
@CuratedIntel
Curated Intelligence
2 years
New Community Feature - REvil Ransomware on Darknet Diaries
0
2
4
@CuratedIntel
Curated Intelligence
2 years
We hope that this #Log4Shell resource has eased the pressure off of some and helped others with their own intelligence collection and analysis plans. And finally — Merry Christmas and Happy Holidays — from our team to yours! 🎄
1
0
4
@CuratedIntel
Curated Intelligence
2 years
New blog by CI's @BushidoToken
@BushidoToken
Will
2 years
New Blog: Space Invaders: Cyber Threats That Are Out Of This World
9
79
262
0
1
4