it's malware
@itsmalware.bsky.social
120 followers 55 following 67 posts
Tweets are my own | #ctia | #threatintelligence | #lgbtQ | #malwareanalysis | 🇮🇶 🇨🇳 🇬🇷 🇦🇪 ☪️ ✡️ | #Actuallyautistic She/they
This week’s Threat Intelligence Digest highlights the work of independent researchers pushing the conversation forward:
🔹 Karthikeyan Nagaraj on how adversaries abuse SQLite databases to persist and exfiltrate data.
🔹 Deven Chhajed on SoupDealer, a stealthy Java-based loader built to outmaneuver EDR.
🔹 Aj on the hidden risks of malware lurking in smart home devices.

Their work shows how much impactful research happens outside vendor reports — and why we need to pay attention.

📖 Read the full digest and past issues on my Substack & Medium via linktr.ee/itsmalware.
🎥 I’ll also have companion videos dropping on TikTok and YouTube coming soon.
#threatintelligence #cybersecurity #purpleteam

Week 14 is live!
This week I dropped the Threat Intelligence Digest and a deep dive into one of the most interesting campaigns we’ve tracked lately.
From Belarus-linked Ghostwriter activity against Ukraine and Poland, to Scaly Wolf’s modular backdoors, and a DPRK operation using GitHub as covert C2, the reporting shows how state-backed actors keep innovating just enough to stay ahead while leaning on repeatable tradecraft.

📖 You can find my Substack and Medium write-ups here: linktr.ee/itsmalware

🎥 By the end of the week, I’ll also be publishing companion videos on TikTok and YouTube.

#threatintelligence #dprk #threathunting
Weekly Threat Intelligence Update:
I’ve been under the weather and had to pause this week’s review (Week 16). Thank you all for the continued support and engagement over the past weeks—it truly means a lot. Regular updates will hopefully resume next week.

This week, we released two new templates to support the intelligence lifecycle - now available on the Notion Marketplace.
Both are built for operational environments, not theory, and designed to integrate directly with your existing RFI/PIR workflows.
We’re also getting close to releasing the entire Threat-Intelligence Program Template, which will tie all of these tools together into a complete, end-to-end workflow.
We’re aiming to drop more templates next week, for analysts without a big team or enterprise tooling.
You can find the new releases on the Notion Marketplace, and check my Linktree for past write-ups, previous templates, and other resources.
linktr.ee/itsmalware

Prefer reading? Watching? Skimming?
You can now get the digest on Medium, Substack, or YouTube!
linktr.ee/itsmalware
If this helped, share it. A lot of us are out here flying solo.
To hiring managers: There’s no excuse for paying someone with a TS/SCI and niche tradecraft under $100K in the DC area. Period. When I’m able to build a team, I won’t cut wages to “match the market.”
To cybersecurity media: if you’re referencing analyst-driven work, attribution should be obvious and upfront. If your readers have to dig, reverse-search, or guess the source, you’re skirting dangerously close to plagiarism. Respect the work. Credit the original.
This week’s digest covers:
• Silver Fox abusing Google Translate to deliver Winos RAT
• Storm-2603 evolving from ToolShell exploits to DNS-backdoored ransomware
• LockBit affiliates continuing their DLL sideloading campaigns
• Plague, a stealthy PAM-based Linux backdoor with zero VirusTotal hits
it’s happening in the wild, and adversaries are adapting faster than our controls.

🚨 This Week in Threat Intel – Digest #13 is Live 🚨
Our latest roundup covers three high-impact threats, all grounded in real-world exploitation, not theory:
🔹 SharePoint Zero-Day (CVE-2025-53770)
Attackers are stealing machine keys, forging tokens, and maintaining long-term, unauthenticated access. This one’s already hitting gov networks. If your blue and purple teams haven’t been alerted, stop scrolling.
🔹 Koske Malware – AI-Assisted Cryptominer
A stealth Linux payload hidden in a polyglot image. Memory-only execution, rootkit persistence, dynamic proxy discovery—modular enough to look LLM-authored.
🔹 Prompt Injection in the Real World
Weaponized LLM summarizers (like Gemini) are being hijacked to trick users into calling fake Google support. These are live, exploitable behaviors, not hypothetical.
This is no longer fringe research.
🧠 We believe it’s time the community formally recognize a new threat category: LLM-Enabled Attacks.
📬 Full digest (TTPs, mitigations, and context): linktr.ee/itsmalware
#ThreatIntel #CVE202553770 #SharePoint #LinuxMalware #LLM #PromptInjection #BlueTeam #PurpleTeam #GovCyber #IndigoINT #CTI #AIThreats

🚨 Sneak Peek from Next Week’s Digest 🚨
Heads up to my contacts in the government space:

If your purple and blue teams haven’t been briefed on CVE-2025-53770 yet, now’s the time. This critical SharePoint zero-day is being actively exploited in the wild, and patching alone won’t cut it.
Attackers are using it to steal machine keys and gain persistent, unauthenticated access—even after reboots and web shell cleanup. We’ve already seen this abused across federal and global orgs.
✅ Emergency patches are out.
❗ But protections must include key rotation, AMSI, Defender AV, and hardened monitoring.

We’re covering the full threat chain and mitigation breakdown in next week’s drop. Stay sharp.

#ThreatIntel #CyberSecurity #SharePoint #CVE202553770 #ZeroDay #PurpleTeam #BlueTeam #GovCyber #IndigoINT

🔎 These digests are for:

- The analyst triaging 20 open tabs
- The detection engineer pivoting fast without context
- The CISO who needs to understand why this matters without reading three different pieces of content

We see you.
We are you.

We’re here to make the work easier, sharper, and more human.

More templates, more deep-dives, and more analyst-centered workflows are on the way.

If you’re trying to build a real threat intelligence program or just trying to survive until Friday, we’ve got something for you.

---

📱 @its.malware on TikTok: (www.tiktok.com/@its.malware...)