Yashraj Solanki (@RustyNoob619)
Cyber Threat Intelligence Analyst @bridewellsec (All tweets are my views) C2 Hunting | Malware Noob | ICS Addict
England · Joined March 2023
Followers 1K · Following 3K · Media 232 · Statuses 676
As far as pivoting is concerned in CTI, you can pretty much do it all between @virustotal, @censysio & @urlscanio. I have taken all Artifact types and their features from the Awesome Pivot Atlas maintained by @AmitaiCo & mapped it against sources & where to find them. Links ⬇️
If any of you awesome bunch are attending @DEATHCon2025 in Edinburgh, feel free to hit me up :) Here is a sneak peek into what is planned for my YARA workshop
Super excited to say that I will be doing my first ever solo workshop at @DEATHCon2025. It will be on writing YARA for malware attribution (I know this is a scary word). There are plenty of other cool workshops on all things Detection Engineering & Threat Hunting. Mo Deets ⬇️
Forgot to mention, the primary on this investigation is Ellis Stannard who has pretty much nailed it. More IoCs Here:
=> Potential attribution to 🇰🇵 Nexus actors
=> Novel technique called "Cross-Chain TxDataHiding"
=> Interesting C2 mechanism being leveraged
=> Mature adversary OPSEC
Stay frosty for more IoCs, YARA, reversing payloads and C2 infra in the upcoming parts
Always noice collabing with other researchers and first of the many to come. This is easily one of the most complex infection chains I have looked at! More deets will follow in this multi-part series, so stay tuned for some more intel. Key Pointers ⬇️ https://t.co/7lElpRLZg4
ransom-isac.org
If you are tracking adversary infrastructure, it does not necessarily need to be malicious in nature. You can still track it for the purpose of clustering, provided it is specific enough to do so, just saying
You do not wanna miss out on this one, if you are interested in advancing your malware analysis skills, just grab it, I have got mine. Cannot think of a better course for the value and price point, looking forward to the YARA & Automation bits. Awesome stuff @struppigel
My intermediate level malware analysis course is there. 60% off for the next two weeks. https://t.co/q16H43ihoF
@cyb3rops @virustotal Retro Hunt Complete ==> +12 Samples Identified, all added to the IOCs link above. With Respect to attribution, feels like a Cybercrime, possibly 🇰🇵 Cluster behind it. But hey, feelings have no place in attribution. Take it as a low confidence assessment at best for the time being
@cyb3rops @virustotal Updated the rule description on GitHub
Have created a YARA rule for the compromised NPM malicious packages based on sample shared by @cyb3rops. Ran a quick retro hunt on @virustotal and identified 29 samples (still running). Link to Rule => https://t.co/065t9ItfMi Will Update IOCs Here => https://t.co/bFJt6YKsXP
We tested one of the compromised samples. - 0 detections on VirusTotal - Detected by THOR with three different YARA rules Sample: https://t.co/bwDv4i4zL4
On a non-cyber front, I just did my first 10K running event, the timing is shizzle (1:02:38) but not too bad
Just a random yet obvious thought, u cannot analyse APT operations without understanding geopolitical & socioeconomic factors that help link adversary to victimology. I say this because a lot of us are more focused on tactical intel where sometimes we ignore strategic elements
Hoping to see some of you awesome bunch at @BSidesBournemth tomorrow for C2 tracking and more importantly grabbing some tequila shots
I literally don't listen to podcasts of any sorts. But this one is super interesting and I am absolutely hooked onto it... If you are in threat intelligence, you do not wanna miss out on this, just too good
NEW Three Buddy Problem podcast is live! https://t.co/Ha65c7gpcO
Super excited for this one! @knappresearchlb and I are gonna be doing our first ever public workshop in 2 weeks at @BSidesBournemth on C2 hunting & rumor has it that the winner of CTF gets a pretty neat CTI coin. Should be a fun one, hoping to meet some of you awesome bunch
@DEATHCon2025 I will also be in Edinburgh on 8th & 9th of Nov if anyone wants to link up :) Also, @knappresearchlb will be doing a CTF style workshop on Adversary Infrastructure Hunting (rumor has it that winner gets a sick custom coin). Tickets are now live at
Get excited to learn from @RustyNoob619 in a hands-on workshop at #DEATHCon2025 called "Intel-Driven YARA for Attribution" Learn how to go from intel reports to great YARA rules for #detectionengineering and finding more samples. Check out the workshops:
#RandomThoughts In my opinion, one of the biggest challenges in the modern realm of CTI is retaining conventional intelligence while bolstering workflows using automation, GenAI and other machine learning components which are likely to introduce unknown biases in the process
Apologies for the Mandatory Details Entry, call it my bias if you may but it is worth it
Our team has just released the 2025 CTI Report. The key focus has been on tracking adversary infrastructure and is packed with our threat research insights alongside an in-depth view into the changing information stealers & ransomware ecosystems. Link:
bridewell.com
Saturday morning and I'm a bit bored so why don't I look for #Phishing #CryptoScam websites for the #lol 🤣🤪 using free tools?
1️⃣ @urlscanio (I don't have pro plan). Searching possible websites
2️⃣ At the first glance one suspect web found
3️⃣ 235 similar websites found