Bringing together intelligence researchers and incident responders. #TrackThePlanet

Joined September 2020
Pinned Tweet
ICYMI: In October 2024, we released the CTI Research Guide. It aims to help practitioners learn more about how to effectively perform the collection, processing, analysis, and production stages of the CTI lifecycle. 🔗curatedintel.org/2024/10/the…
Curated Intelligence retweeted
15 Mar 2025
Reviving my blog with a complete analysis of the latest #LockBit #ransomware v4.0 Green! 🤠 chuongdong.com/reverse eng… h/t to @fwosar & @demonslay335 for all the crypto helps! Huge thanks to @BushidoToken & @CuratedIntel for the threat intelligence insight too! 🙏
⚠️PSA: VPN & RDWeb password guessing attacks have been observed originating from IP addresses consistently across the following subnets: 85.239.59.0/24 85.239.58.0/24 85.239.57.0/24 85.239.56.0/24 ➡️ Check for low & slow password guessing attempts and successful logins.
⚠️PSA: Curated Intel members in DFIR have noticed a trend in exploitation of CVE-2024-57727 in the SimpleHelp RMM tool to deploy Medusa ransomware. ➡️ This tool is often used by IT Managed Service Providers (MSPs) to remotely control customer endpoints and have been impacted.
RT @BushidoToken: Got a new project to share later this year which will be published via @CuratedIntel — a community of researchers that ar…
⚠️PSA: Curated Intel DFIR has noticed a new trend among Akira Ransomware cases in Summer 2024. For a while, Akira has been exploiting Cisco ASA devices. ➡️ They are now targeting SonicWall SSL-VPNs for access with no MFA (!) and weak passwords (!). Other TTPs remain the same 🔍
RT @BushidoToken: PSA from the @CuratedIntel Community to the CTI industry — watch out for cybercrime groups seeking access to your vendor…
⚠️PSA: Curated Intel DFIR teams noticed a severe uptick in Akira Ransomware cases in Jan 2024. Same repeated TTPs: - Dwell times of < 4 hours on average - Cisco ASA VPN for Access - WinSCP for exfil / WinRAR for compression - AnyDesk RMM for persistence - 'w.exe' Akira payload
Our friends at CSIRT-CTI have published their first new blog, stay tuned for more APT research from them! csirt-cti.net/2024/01/23/sta…
Come along to the first ever Curated Intel workshop. There will also be prizes for the best profile! #CTI
2 Nov 2023
My upcoming CTI workshop: 'Keep Your Enemies Closer: How to Profile and Track Threat Actors' at #BSidesLondon2023 is live! pretalx.com/bsides-london-20…
🌐 Curated Intel is tracking hacktivist, cybercriminal, and regional APT groups surrounding the war in Israel. We describe the types of campaigns and attacks we've observed so far and have also provided recommendations for CTI analysts monitoring the war. curatedintel.org/2023/10/tra…
Curated Intelligence retweeted
20 Sep 2023
A Day in the Life of a CISO
Pure facts #CTI
The thing that makes this profession hard sometimes is that victims lie about attacks, the criminals are lying pieces of shit, and randos on Twitter lie about what they know. Trying to get through the lies to the truth is a big challenge.
Curated Intelligence retweeted
15 Sep 2023
Replying to @phillmoore
@phillmoore and I posted a blog on a TTP observed in an #Akira Ransomware case. ➡️ Actor gains access to Hyper-V server (with EDR) and creates a fresh VM ➡️ Turns off server VMs and mounts Hyper-V data disk on new VM ➡️Starts encrypting vhdx files! cybercx.com.au/blog/akira-ra…
Curated Intelligence retweeted
14 Sep 2023
TL;DR of ALPHV/BlackCat's essay on the MGM breach - The attack began ~8 Sept. - They stole data and gained admin on their Okta SSO & Azure cloud tenant - ~100 ESXi hypervisors were hit by ransomware on 11 September - No ransom was paid Read in full here: gist.githubusercontent.com/B…
RT @BushidoToken: ⚠️ Use Microsoft Teams? Watch out for TeamsPhisher! While it is not usually possible to send files to MS Teams users out…
RT @BushidoToken: 🆕 Pleased to share my latest blog for SANS FOR589: Cybercrime Intelligence 👾 We reviewed the latest cybercrime intrusion…
Curated Intelligence retweeted
HTML Smuggling Leads to Domain Wide Ransomware ➡️Initial Access: Thread-Hijacked Email > HTML Attachment ➡️Credentials: LSASS Access, SessionGopher ➡️Lateral Movement: RDP, PsExec ➡️C2: IcedID, Cobalt Strike ➡️Impact: Nokoyawa Ransomware thedfirreport.com/2023/08/28… 1/X