Validin is a next generation internet intelligence platform.

Joined May 2017
Pinned Tweet
For analysts and researchers: releasing a new advanced search query language and Search Sessions. Read the announcement: validin.com/blog/validin_int…
With the World Cup in full swing, we dug into the IoCs from @GroupIB's Ghost Stadium report and found 3,079 domains still active in the past 14 days. We've published the full list of 6,000 suspected domains publicly. Full write-up below ⤵️ validin.com/blog/ghost_stadi…
Read their report, with more technical breakdown of the mechanics of the campaign, here: x.com/GroupIB/status/2059531…

Group-IB researchers have uncovered a Chinese-speaking threat actor, designated #GHOSTSTADIUM, operating over 300 fraudulent domains with a pixel-perfect React-based #phishing kit built on the Layui 2.7.6 framework, a Chinese UI library virtually unknown outside the Chinese developer community. The kit clones the tournament's official PingIdentity SSO flow using a legitimate client_id and includes password reset authorization to lock victims out after credential capture. #ThreatIntel
Validin retweeted
May 29
1/ Just came across this using @ValidinLLC searching for "Launch Meeting - Zoom" domains hosting what looks like XSS > RCE > MS Signed > dropper.exe > miniplasma > more fun @astrarce @Gi7w0rm @RussianPanda9xx @SquiblydooBlog @MsftSecIntel @banthisguy9349 @_JohnHammond
Validin retweeted
May 23
Let's use this pivot point on @ValidinLLC
Title: Zoom Client Update
Reported to @abuse_ch
Telegram info
'bot_url' "6366434554:AAFV0fUvPM4BdKKUvMt9aQwg1nQ8MsxCpXE"
'chat_id' "588250349"
May 23
⚠️Observed phishing URLs delivering RMM payload:
Theme: Zoom
RMM: ScreenConnect
URL: hxxp://zoom.web-interviews[.]live
VBS Download URL: hxxps://zoom.web-interviews.live/download.php
SHA256:65208b731a5a0956a90d8cd415825123029712acdf240ab6d613154c4307c087
#ThreatIntel #Phishing #RMM
Validin retweeted
May 22
Validin's threat intelligence platform requires unfettered access to data, with affordable, high-performance storage, bandwidth, and scaling. They’ve found that with Vultr Bare Metal, Cloud Compute, and File System. See how @ValidinLLC wins with Vultr: blogs.vultr.com/validin-case…
Validin retweeted
New report revisiting Gamaredon, this time focusing on their phishing emails and first stage downloaders - GammaDrop and GammaLoad. Despite years of active campaigns, detailed public analysis of either has been lacking. So we fixed that. 1/5
✈️ We’re headed to Malaga, Spain for #PIVOTCon26! Our founder Kenneth Kinion and founding engineer Sreekar Madabushi will be attending.
We're looking forward to seeing you all at @pivot_con next week!
Countdown is real ⌛️ Next week‼️ #ThreatResearch community gathers in Málaga 🇪🇸 Time to remind our PIVOTcon song: soundcloud.com/argonix/pivot… But watch out — it's a banger! thx: @JReisdorffer #CTI #ThreatIntel #PIVOTcon26

Validin retweeted
Ok, real question: how many of you have mistyped regsvr32.exe too? New blog is out! Got a chance to take a peek at CastleLoader 🏰 and a .NET stealer we are calling CastleStealer (duh) Their launch_method 4 calls regsrv32.exe. Yes, regsrv32.exe. The devs typo'd a binary that's been shipping since the 90s and never noticed :C I also didn't forget to give @ValidinLLC a shoutout this time. Would you check out the blog, pretty please? huntress.com/blog/clickfix-c…
Validin retweeted
🚨 The LABScon 2026 Call for Papers is officially OPEN! 🗓️ Deadline to submit: June 19, 2026 🔗 labscon.io <- find the button here
In this guest post, researchers @lontze7 and @cfotopoulos2000 analyze UNC1069 sample behavior and track related infrastructure with Validin. They provide IOCs and show great detail. Check it out! ⤵️
Apr 14
New blog on @ValidinLLC with @cfotopoulos2000 ! "Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics validin.com/blog/i_cant_hear…
Raw IP data in Device ID reporting, with device_vendor set to Progress & device_model to ShareFile: shadowserver.org/what-we-do/… Thank you to @ValidinLLC for the collaboration! Dashboard World Map view: dashboard.shadowserver.org/s… Dashboard Tree Map view: dashboard.shadowserver.org/s…

Validin retweeted
657 instances shared for 2026-03-14. We expect to increase the volume of the feed in the future! We would like to thank our Alliance partners and @ValidinLLC for the collaboration making this possible! Background on investigating ClickFix/ClearFake: atea.no/siste-nytt/it-sikker…
Validin retweeted
📣#PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's speaker lineup. 2⃣days and 19 talks from leading #ThreatResearch experts. The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵 #CTI #ThreatResearch 1/15
We're tracking the rapid proliferation of this exploit chain. Read our analysis of the C2 domains and the discovery of many recent dropper pages. Tracing the iOS Exploit Kit from Ukraine to Iran War Lures: validin.com/blog/aye_coruna_…

5 exploit chains, 23 exploits, nation-state grade malware has leaked with the capability to mass exploit iPhones. IOCs and technical overview on our blog: iverify.io/blog/coruna-insid… #iOS #malware #mobilesecurity #cybersecurity #cyberattack