it's malware
itsmalware.bsky.social
Tweets are my own | #ctia | #threatintelligence | #lgbtQ | #malwareanalysis | 🇮🇶 🇨🇳 🇬🇷 🇦🇪 ☪️ ✡️ | #Actuallyautistic
She/they
This week’s Threat Intelligence Digest highlights the work of independent researchers pushing the conversation forward:
🔹 Karthikeyan Nagaraj on how adversaries abuse SQLite databases to persist and exfiltrate data.
🔹 Aj on the hidden risks of malware lurking in smart home devices.
September 2, 2025 at 5:00 PM
Week 14 is live!
This week I dropped the Threat Intelligence Digest and a deep dive into one of the most interesting campaigns we’ve tracked lately.
August 26, 2025 at 9:01 PM
Weekly Threat Intelligence Update:
I’ve been under the weather and had to pause this week’s review (Week 16). Thank you all for the continued support and engagement over the past weeks—it truly means a lot. Regular updates will hopefully resume next week.
August 19, 2025 at 6:34 PM
This week, we released two new templates to support the intelligence lifecycle - now available on the Notion Marketplace.
Both are built for operational environments, not theory, and designed to integrate directly with your existing RFI/PIR workflows.
August 13, 2025 at 5:05 PM
This week’s digest covers:
• Silver Fox abusing Google Translate to deliver Winos RAT
• Storm-2603 evolving from ToolShell exploits to DNS-backdoored ransomware
• LockBit affiliates continuing their DLL sideloading campaigns
• Plague, a stealthy PAM-based Linux backdoor with zero VirusTotal hits
August 4, 2025 at 4:06 PM
🚨 This Week in Threat Intel – Digest #13 is Live 🚨
Our latest roundup covers three high-impact threats, all grounded in real-world exploitation, not theory:
🔹 SharePoint Zero-Day (CVE-2025-53770)
July 29, 2025 at 1:01 PM
🚨 Sneak Peek from Next Week’s Digest 🚨
Heads up to my contacts in the government space:

If your purple and blue teams haven’t been briefed on CVE-2025-53770 yet, now’s the time. This critical SharePoint zero-day is being actively exploited in the wild, and patching alone won’t cut it.
July 24, 2025 at 5:04 PM
🧠 Threat Intelligence: Week Ending July 20th, 2025
This week’s drop is live and we’re focusing on the heart of the Threat Intelligence Lifecycle: Processing and Analysis.
This is the stage where raw indicators become insight. Where screenshots, IOCs, and loose observations start forming a story.
IndigoINT | Template Creator | Notion Marketplace
Discover new ways to use Notion across work and life.
www.notion.com
July 22, 2025 at 5:56 PM
💥 New Weekly Threat Intel Digest is live
🔗 All links here: linktr.ee/itsmalware
I started writing these digests after getting laid off in April. The job market has been brutal and with a family to support, I’m doing everything I can to stay afloat, stay sharp, and keep contributing to the community.
itsmalware | TikTok | Linktree
Perfumes & Threat Intel | Building a shop and a community one byte at a time!
linktr.ee
July 14, 2025 at 3:38 PM
🚨 This Week’s Threat Intel — Iranian-Hosted Infrastructure for Crypto Theft & Dev Targeting 🚨

IndigoINT is bringing internal analysis to the table this week. Thanks to Hunt.io we’ve been tracking malware distributed via Iranian hosting, blending:
Threat Hunting Platform | C2 & Malicious Infrastructure Hunting
Explore the leading Threat Hunting Platform, discover active C2 servers, perform proactive infrastructure hunting and more.
Hunt.io
July 8, 2025 at 2:47 PM
This week’s digest highlights the continued rise of politically motivated attacks, evolving malware delivery techniques, and abuse of trusted platforms. Now is a great time to ensure your intelligence teams have clear visibility into the threats most relevant to your environment.
Threat Intelligence Digest — Week Ending: June 29th 2025 [Paid]
🗓️ This Week in Threats – June 23-29th, 2025 This week’s digest highlights politically motivated cyber activity and evolving abuse of trusted tools. Watch for OneClik targeting critical infrastructur...
itsmalware.substack.com
June 30, 2025 at 5:31 PM
This week underscores a consistent truth: politically motivated tensions and cyber operations don’t stay isolated. Even if you aren’t directly targeted, nation-state TTPs, like phishing lures themed around current events, SEO poisoning, or reused infrastructure, often resurface across sectors.
Collections Bundle – Notion Templates (IndigoINT)
Description: The Threat Hunter’s Mini-Kit Bundle provides fast, lightweight Notion templates for threat hunters, SOC teams, and detection engineers who need structure without bureaucracy. This bundle in...
indigoint.gumroad.com
June 23, 2025 at 8:44 PM
📅 Threat Intelligence Digest — Week Ending June 15, 2025
This week’s edition covers both escalation and erosion across the global threat landscape:
#ThreatIntelligence #CyberSecurity #APT #Ransomware #CTI #Malware #InfoSec #CyberThreats #IndigoINT
Threat Intelligence Digest — Week Ending: June 15th, 2025 [Free]
📆 Week of June 9th — 15th, 2025 This week’s digest highlights major developments across state-sponsored and criminal cyber operations.
medium.com
June 16, 2025 at 8:04 PM
When you accidentally find a malware dev because someone leaked his work in VT. 😲 Really thinking to blog this one.
November 17, 2024 at 2:01 PM
Reposted by it's malware
The preliminary sequence from the H5N1 human case in British Columbia has been posted and it is not good news. The virus potentially has a quasispecies at HA residue 226 (H3 numbering). This is bad news because we know that mutations at residue 226 can increase binding to human receptors. 1/
November 16, 2024 at 3:19 PM
If you want to hire a threat intelligence analyst, be ready to provide paid tools! AND you should either hire a manager for Intel or do all the SOP and groundwork documentation yourself.
Please don't hire intelligence analysts and have them start guessing what they should be doing.
November 15, 2024 at 2:58 PM
The amount of people who think threat intelligence is IOC feeds is alarming.
November 14, 2024 at 12:02 PM
Reposted by it's malware
If we collected what is actually owed, we could forgive student loans, invest more in infrastructure and green energy, protect social security and help Ukraine beat Russia. I call that multiple win-wins.
December 24, 2023 at 6:59 PM
All the people seeking peace and freedom for those without a voice give me hope. October and November I learned about multiple genocides happening all at the same time in 2023.
November 16, 2023 at 1:42 PM
Reposted by it's malware
Hands up if you thought Brand had already been found guilty of being a sex predator years ago.
September 19, 2023 at 2:40 AM
As an autistic person, social media reminds me of high school. It's another popularity contest and full of fake friends.
Then again maybe that's all life is?
September 18, 2023 at 10:01 PM
I underestimated this procedure and recovery process 😭
September 2, 2023 at 4:36 PM
It's almost time!! Masked and ready for camp!
July 30, 2023 at 8:11 PM
Stg no one sees my post on any social media. 😂
July 14, 2023 at 10:16 PM