it's malware
@itsmalware.bsky.social
Tweets are my own | #ctia | #threatintelligence | #lgbtQ | #malwareanalysis | 🇮🇶 🇨🇳 🇬🇷 🇦🇪 ☪️ ✡️ | #Actuallyautistic
She/they
🎥 I’ll also have companion videos dropping on TikTok and YouTube coming soon.
#threatintelligence #cybersecurity #purpleteam
September 2, 2025 at 5:00 PM
🔹 Deven Chhajed on SoupDealer, a stealthy Java-based loader built to outmaneuver EDR.

Their work shows how much impactful research happens outside vendor reports — and why we need to pay attention.

📖 Read the full digest and past issues on my Substack & Medium via linktr.ee/itsmalware.
September 2, 2025 at 5:00 PM
📖 You can find my Substack and Medium write-ups here: linktr.ee/itsmalware

🎥 By the end of the week, I’ll also be publishing companion videos on TikTok and YouTube.

#threatintelligence #dprk #threathunting
August 26, 2025 at 9:01 PM
From Belarus-linked Ghostwriter activity against Ukraine and Poland, to Scaly Wolf’s modular backdoors, and a DPRK operation using GitHub as covert C2, the reporting shows how state-backed actors keep innovating just enough to stay ahead while leaning on repeatable tradecraft.
August 26, 2025 at 9:01 PM
You can find the new releases on the Notion Marketplace, and check my Linktree for past write-ups, previous templates, and other resources.
linktr.ee/itsmalware
August 13, 2025 at 5:05 PM
We're also getting close to releasing the entire Threat-Intelligence Program Template, which will tie all of these tools together into a complete, end-to-end workflow.
August 13, 2025 at 5:05 PM
We’re aiming to drop more templates next week, for analysts without a big team or enterprise tooling.
Prefer reading? Watching? Skimming?
You can now get the digest on Medium, Substack, or YouTube!
linktr.ee/itsmalware
If this helped, share it. A lot of us are out here flying solo.
August 4, 2025 at 4:06 PM
To hiring managers: There’s no excuse for paying someone with a TS/SCI and niche tradecraft under $100K in the DC area. Period. When I’m able to build a team, I won’t cut wages to “match the market.”
August 4, 2025 at 4:06 PM
To cybersecurity media: if you’re referencing analyst-driven work, attribution should be obvious and upfront. If your readers have to dig, reverse-search, or guess the source, you’re skirting dangerously close to plagiarism. Respect the work. Credit the original.
August 4, 2025 at 4:06 PM
it’s happening in the wild, and adversaries are adapting faster than our controls.
📬 Full digest (TTPs, mitigations, and context): linktr.ee/itsmalware
#ThreatIntel #CVE202553770 #SharePoint #LinuxMalware #LLM #PromptInjection #BlueTeam #PurpleTeam #GovCyber #IndigoINT #CTI #AIThreats
July 29, 2025 at 1:01 PM
Weaponized LLM summarizers (like Gemini) are being hijacked to trick users into calling fake Google support. These are live, exploitable behaviors, not hypothetical.
🧠 We believe it’s time the community formally recognize a new threat category: LLM-Enabled Attacks.
This is no longer fringe research
July 29, 2025 at 1:01 PM
A stealth Linux payload hidden in a polyglot image. Memory-only execution, rootkit persistence, dynamic proxy discovery—modular enough to look LLM-authored.
🔹 Prompt Injection in the Real World
July 29, 2025 at 1:01 PM
Attackers are stealing machine keys, forging tokens, and maintaining long-term, unauthenticated access. This one’s already hitting gov networks. If your blue and purple teams haven’t been alerted, stop scrolling.
🔹 Koske Malware – AI-Assisted Cryptominer
July 29, 2025 at 1:01 PM
❗ But protections must include key rotation, AMSI, Defender AV, and hardened monitoring.

We’re covering the full threat chain and mitigation breakdown in next week’s drop. Stay sharp.

#ThreatIntel #CyberSecurity #SharePoint #CVE202553770 #ZeroDay #PurpleTeam #BlueTeam #GovCyber #IndigoINT
July 24, 2025 at 5:04 PM
Attackers are using it to steal machine keys and gain persistent, unauthenticated access—even after reboots and web shell cleanup. We’ve already seen this abused across federal and global orgs.
✅ Emergency patches are out.
July 24, 2025 at 5:04 PM
July 22, 2025 at 5:56 PM
We are you.

We’re here to make the work easier, sharper, and more human.

More templates, more deep-dives, and more analyst-centered workflows are on the way.

If you’re trying to build a real threat intelligence program or just trying to survive until Friday, we’ve got something for you.
July 22, 2025 at 5:56 PM
📱 @its.malware on TikTok: (www.tiktok.com/@its.malware...)
---

🔎 These digests are for:

- The analyst triaging 20 open tabs
- The detection engineer pivoting fast without context
- The CISO who needs to understand why this matters without reading three different pieces of content

We see you.
July 22, 2025 at 5:56 PM