Phish Stix

@500mk500 The logo seems to associate it to Yacht, an open source tool for managing Docker containers.

35.196.105\.113:8000 <-- Who can give a hint what this panel is all about?

Found some very common adware quietly killing antivirus products. Then we found an unregistered update domain, and anyone with $10 could have pushed any payload to 25,000+ endpoints, AV already disabled. So we registered it first. huntress.com/blog/pups-grow… Big thanks to @_rdowd

Anybody know if hunt io killed their free community tier?

@JasonAtwell14 Nah these are just the new gut trucks at Benning...

This Fury sequel looks pretty lit.

Microsoft Defender researchers observed attackers using yet another evasion approach to the ClickFix technique: Asking targets to run a command that executes a custom DNS lookup and parses the `Name:` response to receive the next-stage payload for execution.

@curi0usJack Seems pretty decent to me. Requires active management tho. Muting all pol keywords and irrelevant mainstream garbage, etc. Engaging on quality sources to tune algo. I get more actionable info from here than most of the 6 fig platforms out there.

Feels like the infosec scene on social media is drying up for some reason. My infosec list is mostly cat pics and a few blog posts now. Makes me wonder if people are just sucked in to AI at the moment. And before anyone cries bluesky at me, I checked and for the most part it's a bunch of dead accounts and political takes over there also.

@luke92881 @s1dhy @SquiblydooBlog @andrewdanis @banthisguy9349 @struppigel Seeing several associated files under same signer: Uninstall.exe 7zipinstall.exe 7z.exe 7zG.exe Also observed same wild network traffic. Connections to hero-sms and smshero domains. Anybody nail down the sms piece yet?

@s1dhy @SquiblydooBlog @andrewdanis @banthisguy9349 @struppigel That is super interesting, I was going to go back and do a deeper dive in my PCAPs today to figure out the rest of the traffic, but looks like you got it. Awesome job! Thanks for sharing.

Signed probable malware: JOZEAL NETWORK TECHNOLOGY CO., LIMITED serial: 7C C7 2B F8 0D FD C1 84 E6 6C 93 A1 virustotal.com/gui/file/408a8… drops "uphero" and "hero" in c:\windows\syswow64\hero\

@luke92881 @SquiblydooBlog Seeing installs as App.exe and free-pdf-creator.exe as well

Suspect fake PDF/Doc converters from cert "METROPOLITAN DESIGN LLC". DocuKing, PDFStar, PDFWorld, and PDFConfigurator (free-pdf-creator) @SquiblydooBlog

From 2020-2024, I tracked the SolarMarker malware, and in 2024, monitored a self-infection for months to learn their actions-on-objectives: on-device fraud. I didn't publish the details of my months long investigation until now. Check the link the the attached comment.

@HackingLZ @ex_raritas @Huntio +1 for huntio. Especially after Censys changed its business model to exclude us poors.

@ex_raritas I generally use @Huntio

This is a nice mash up

@Osinttechnical And they just got popped by Kyber ransomware. That's weird...

L3Harris is building a new 60,000 square foot production facility in Arkansas to handle the production of GMLRS rockets for HIMARS and M270. The war in Ukraine has driven massive demand for the systems, with the U.S. production base expanding to match.

@SquiblydooBlog @malwaremarcus @struppigel @InvokeReversing My samples are gone but looks there's a handful on VT searching by name. Signer seen in VT samples, Pixel Catalyst Media LLC, also associated with AllManualsReader

@malwaremarcus @StixPhish @struppigel @InvokeReversing ManualFinder may/may not be related to "openmymanual", but I'd love to have a look if you can send a hash. I collaborated with Expel and wrote a long report regarding the campaign associated with manualfinder: expel.com/blog/the-histo…

Amazing reflection on trojans from @struppigel . JustAskJacky was using a code-signing certificate we reported last week "App Interplace LLC", they were running a few other campaigns too: AskBettyHow, DailyChefly, GoCookMate, etc. JustAskJacky C2: api[.]vtqgo0729ilnmyxs9q[.]com

@malwaremarcus @SquiblydooBlog @struppigel @InvokeReversing These references should help. App names can vary but from what I've seen they're all mostly the same under the hood. trendmicro.com/en_us/research… expel.com/blog/you-dont-…

@StixPhish @SquiblydooBlog @struppigel @InvokeReversing Do you have any more info regarding “openmymanual”? recently came across it and trying to determine what its end goal is. Anything helps!🙏

@DoingFedTime youtube.com/watch?v=6uz0bQ…

Feds always love talking about who it was that actually got taken down, or who's stuff they stole. It's interesting that there is ZERO mention of the 'who' in this.

@SquiblydooBlog @struppigel @InvokeReversing Similar activity from PDF themed apps turbofixpdf, effortlesspdf, and Manual Reader themed apps usermanualsonline, allmanualsreader, manualreaderpro, getmanualviewer, openmymanual. Node.exe launches malicious js files Many using same api.(RandomNumCharString).com format C2 URLs

@struppigel @InvokeReversing ; when I mentioned "oh yeah, I saw something with TamperedChef vibes" last week, this was it. Cert behavior differs from TamperedChef and I never had the chance to open up "DailyChefly" or "GoCookMate". JustAskJacky was using a obfuscated JavaScript file.

@Cyberknow20 @solostalking is correct. They advertised the new alphv imposter channel on the Babuk 2.0 channel.

So, is Blackcat ransomware back or not? If any of the ransomware focused folks wants to give an update, please do.

@DanLinnaeus I fail to see how this is indicative of any desire by the subject to associate with potentially questionable entities rather than simply evidence of PRC's widespread infiltration and influence across US society in general.

Washington Outsider Center for Information Warfare | Tulsi Gabbard and Chinese Influence: Risk of Overlapping PRC Gray Zone Threat Networks and Implications for National Security WOCIW Report: thewashingtonoutsidercenter.org/tulsi-gabbard-… For decades, the Gabbards, including Tulsi, have been embedded within an intergenerational network that spans corporate and philanthropic entities. On the corporate side, this network includes Healthy’s Inc. (formerly Down to Earth Inc.), a company acquired in 2007 by the Hong Kong-based Qi Group with noteworthy ties to the PRC and its geopolitical agendas. On the nonprofit side, the network encompasses the Science of Identity Foundation (SIF), the Wai Lan Yoga Trust, and a series of political committees, charitable foundations and disregarded entities with links to the Gabbards and varying degrees of overlap with the Qi Group—notably its co-chairman, Joseph Bismark, a lifelong member of SIF initiated at age 17 by its founder, Chris Butler. [i]   Despite Tulsi's public denials of involvement with SIF,[ii] her formal involvement with key SIF individuals, such as its Vice President, and Qi Group's Healthy's executives, on the directorial boards of political and charitable entities, coupled with her family's direct involvement in SIF’s operations, reflects the systemic integration of Gabbard and the Gabbard family into a broader network tied to the Qi Group and its chairmen. [iii] [iv] [v]   While questions of improper systemic overlap fall under the remit of compliance experts or regulatory authorities, the Qi Group’s acquisition of Healthy’s Inc. [vi] [vii]—a PRC-aligned organization with demonstrable ties to Gabbard and her inner circles—raises serious concerns about potential foreign influence. The group’s alignment with PRC interests and its centrality as an axis connecting PRC-aligned interests with Gabbard and her inner networks, coupled with its operational opacity, expansive use of offshore networks and extensive history of legal and regulatory issues, underscores the importance of assessing its proximity to Gabbard for potential entanglements.   Tulsi's embeddedness within such a network—improper or not—that may be steered by a potential foreign threat vector requires careful examination. Her prospective appointment to oversee U.S. intelligence operations presents inherent conflicts of interest that could undermines the impartiality of counterintelligence investigations and elevate the risk of U.S. exposure to malign foreign influence.   The U.S. Intelligence Community (IC) employs well-defined thresholds (e.g., reasonable basis, credible intelligence, pattern and trend analysis, etc,) to initiate investigations into foreign influence networks or cutouts. These thresholds are not predicated on proving guilt under legal standards such as preponderance of evidence or beyond a reasonable doubt but are instead based on the proactive identification of potential risks to U.S. national security. The Qi Group and its systemic ties to Gabbard and her inner circle prima facie exhibit features not inconsistent with a gray zone threat vector operating on behalf of PRC interests, displaying hallmarks of CI thresholds. Given the criticality of the DNI's role, these entities and its networks warrant counterintelligence scrutiny.   As DNI, Gabbard would oversee the entire U.S. intelligence apparatus, including the National Counterintelligence and Security Center (NCSC) and FBI counterintelligence divisions. This oversight involves directing and prioritizing resource allocation for collection and counterintelligence efforts. If her network meets CI investigative thresholds, it will create an inherent conflict of interest, compromising the IC’s independence and effectiveness. Gabbard cannot credibly oversee or direct investigations into herself, her family, and close associates—ties that span spousal, familial, and lifelong personal and professional relationships.   IC concerns of systemic conflicts of interest that may arise, or have arisen, during the confirmation process itself, warrant cautious scrutiny, as political sensitivities create a chilling effect within the IC, discouraging risk-proportionate investigations for fear of backlash. Historical examples of suppressed intelligence work during politically sensitive periods (e.g., Cold War-era counterintelligence efforts hampered by political interference) provide cautionary lessons. [viii] Recent calls by former IC officials to confirm Gabbard as DNI (former NSA Robert O'Brian, former DNI Ric Grenell, et al.) [ix] underscore politicization of the IC remains at the heart of the issue. Summary of Key Findings   Healthy’s Inc. (formerly Down to Earth, Inc.) and the Science of Identity Foundation share common roots and present a systemically overlapped network spanning consolidated assets, shared resources and leadership from inception. Public Land Court records acquired by researchers confirm that Carol Gabbard acted as Secretary and Treasurer for SIF, and reveal that Mike and Carol Gabbard personally guaranteed the 8 year lease for the foundation’s headquarter offices between 1996 and 2004. [x]    The Qi Group states that it acquired Healthy’s Inc in 2007, but publicly available evidence raises questions about earlier involvement, specifically surrounding significant restructuring of Healthy’s controlling interests in 2004. Concurrent transfers of Healthy’s shares to the Science of Identity Foundation (SIF) valued at fair market of almost $930,000 that year, coupled with significant fund flows in cash grants from the Wai Lan Yoga Trust, leave open questions about SIF and its founder wife's role in the network’s acquisition. [xi] [xii]   The Qi Group, a multinational corporation which publicly claims revenues in excess of $300 million per annum[xiii], maintains strategic partnerships with China aligned forums and policy centers (WCEF, WEF, ASLI, KSI, ISI and others),[xiv] [xv] while its executive co-chair, Vijay Eswaran, promotes the PRC’s geoeconomic and geopolitical agendas.[xvi]  Eswaran has participated in closed door meetings with senior CCP ministers, (e.g. former Chinese Premier Li Keqiang),[xvii] has ties to prominent policy formation leaders with strong relations with the CCP, particularly through the China Chamber of International Commerce (CCOIC),[xviii] and has contributed numerous publications advancing the PRC's Belt and Road Initiative (BRI) and related transcontinental geoeconomic projects critical to China’s geopolitical footprint[xix]. Eswaran’s co-chair, Joseph Bismark, with lifelong ties to the Science of Identity Foundation has both demonstrable links and potential conduits of influence to Tulsi Gabbard and her inner circle, including campaign employees, senior staffers and her former Chief of Staff, Kainoa Penaroza. [xx] [xxi]   The Qi Group and its subsidiaries, such as QNET and Qatana[xxii], which have operated or rebranded under numerous trade names such as Question International, Quest Net, Gold Quest, Silver Quest and numerous others, operate a complex web of offshore entities that complicate transparency and attribution significantly.  This is exacerbated by the fact that they are banned in multiple jurisdictions pursuant to accusations of operating multi-level marketing (MLM), Ponzi, and money laundering schemes. Allegations against the group include links to terrorism financing, such as funneling money to the LTTE (Liberation Tigers of Tamil Eelam) and supporting Zakir Naik—a banned Islamic preacher who founded Peace TV, prohibited in several countries for promoting violent extremism, and the Islamic Research Foundation (IRF). [xxiii] [xxiv]   Since at least 2001, the Gabbards, including Mike, Carol and Tulsi have sat on the board of directors of political committees and charitable organizations with direct ties to leadership within Qi Group subsidiary, Healthy's Inc. (Down to Earth), the Science of Identity Foundation (SIF) and related entities such as the Wai Lan Yoga Trust and its disregarded entities. Public records show numerous formal ties between associates of these entities and the Gabbards, including Tulsi, and her senior campaign personnel over the years.   Strategic Risks to National Security   Among the most exploitable entities for adversarial influence are insular high-control groups, which serve as strategic nodes for subversion due to their unique structural vulnerabilities. This threat vector is only exacerbated when such groups present foreign adversaries with opportunities for elite capture, especially with a prize individual like the prospective head of U.S. intelligence. According to an unclassified National Intelligence Estimate issued last year (NIE 2024-16734-A), “great power competition and international relations generally will increasingly feature an array of hostile “gray zone” activities as China, Iran, North Korea, and Russia seek to challenge the United States and gain advantage over other countries through deliberate campaigns”.  The NIE explains that “gray zone” activities comprise increasingly “well-honed tactics and exploit new domains within which attribution is more difficult and for which norms of behavior and accountability have not been sufficiently established or enforced.” [xxv]   In early 2023, International Coalition Against Illicit Economies (ICAIE) Board Member, John A. Cassara, published China – Specified Unlawful Activities: CCP Inc., Transnational Crime and Money Laundering, detailing the ways and means of the PRC’s leverage of illicit economies and gray zone threat networks. Cassara's research estimates China spends north of $2 trillion per annum on transnational criminal enterprises to disrupt and complicate the U.S. global footprint as sentinel of global commerce and the rules-based order and advance its geopolitical and geoeconomic objectives.[xxvi]   By October of 2024, Chairs, John Moolenaar (R-MI) and Raja Krishnamoorthi (D-IL), of the House Select Committee on the Strategic Competition Between the United States and Chinese Communist Party, sent a letter to Janet Yellen, Secretary of the Treasury, expressing their “deep concern regarding Hong Kong’s increasing role as a financial hub for money laundering, sanctions evasion, and other illicit financial activities.” [xxvii]   In January this year, following the New Orleans attacks, the Center of Strategic and International Studies (CSIS) conducted and interview with Assistant Secretary of Defense for SOLIC (Special Operations and Low-Intensity Conflict), Christopher Maier, on the future of irregular warfare. Maier notes, in alignment with a number of NIEs and USIC threat assessments, that the PRC's is "much more discreet" in their malign influence and irregular warfare operations than its strategic partners, such as Iran, Russia, Qatar and others.[xxviii]   However, recent revelations of previously undisclosed "gifts and contracts" from Chinese and Middle Eastern sources targeting U.S. higher education institutes and policy formation circles highlight efforts by foreign adversaries to skirt regulatory frameworks such as Section 117 of the Higher Education Act, which mandates reporting of foreign donations exceeding $250,000. These efforts target U.S. institutions for both technology transfer and ideological subversion.[xxix] [xxx] PRC aligned networks such as the "Singham Network" have demonstrated that the PRC's whole-of-society cognitive warfare operations aim at high-demand far-left progressive groups.[xxxi] A recently leaked classified addendum to Russia’s official Foreign Policy Concept outlines Moscow's strategy to weaken its Western adversaries. The classified addendum, dated April 11, 2023, provided to The Washington Post by a European intelligence service, indicates that Russia's Foreign Ministry is advocating for an "offensive information campaign" and other measures spanning military, economic, trade, and psychological spheres against a coalition of "unfriendly countries" led by the United States.[xxxii] Key strategies outlined in the classified addendum include supporting isolationist and right-wing forces in the U.S. to destabilize its political landscape, facilitating the rise of extremist forces in Latin American countries to create regional instability and promoting sovereignty movements in European countries to weaken their economic ties with the U.S. among other strategies aligned with the USIC's understanding of Soviet era "active measures."   While the context of the U.S. presidential election cycle introduces layers of geostrategic complexities into state-actor calculus informing target selection, in the realm of state-scale cognitive domain operations, a strategic common denominator remains, "Heads I win, Tails you lose." This presents a useful concept to keep in mind when thinking about both anti-imperialist narratives of transnational progressive movements of the Global South and paleoconservative non-interventionism of nationalist movements in Western countries. Both ideological domains present strategic opportunities for China, Russia and Iran to advance their shared objectives of a reduced Western footprint abroad, offering fertile ground for foreign malign influence operations designed to mount internal pressure in the U.S. and NATO member nations for reduced involvement in global affairs. By supporting both concurrently, adversaries attempt to attain more granular levels of control and influence within target societies.   It is therefore not surprising to find common threads so virulently advanced in both the anti-imperialist narratives and non-interventionist sentiments of closed groups. Characteristics typical of such groups on either side of the spectrum—such as strict internal loyalty, obedience to leadership, and susceptibility to manipulation—make them ideal targets for adversarial states like Russia, China, and Iran, in pursuit of advancing their geopolitical goals through active measures and irregular warfare. Hollowing out the sociopolitical center, targeting social stability, exploiting cleavages within Western societies through ideological niches to amplify discontent, discouraging cohesive foreign policymaking, eroding domestic consensus on international engagement, and fostering skepticism toward U.S.-led international frameworks all serve their agenda of reducing Western pressure and ensuring the regional maneuverability of hostile actors in pursuit of their own hegemonic designs.   Insular high-control groups such as SIF present strategically high-value targets for subversion and infiltration by foreign intelligence networks for several intrinsic factors.  These groups often maintain strict internal loyalty and obedience to leadership, creating a pool of individuals who can be exploited for covert purposes once their leadership is influenced or infiltrated. Once successfully captured and converted into assets, leadership of such group's can be effectively steered by adversaries to redirect the group’s energy toward actions that align with their goals, such as hostile influence campaigns, undermining stability or supporting espionage operations.   The concept of “Elite Capture,” whereby foreign adversaries seek to influence, subvert, or co-opt key individuals or groups—such as politicians, business leaders, or opinion shapers—within a target society, leveraging these assets within established influence conduits to advance hostile geopolitical or ideological goals, is particularly relevant when examining irregular warfare strategies in the context of individuals like Tulsi Gabbard, warranting cautious examination.   From a national security perspective, the primary concern is not whether Gabbard is a witting asset, nor whether the activities of her inner network and its overlaps are proper or improper. Rather, it is whether they intersect with malign actors tied to the PRC, the potential for a conflict of interest in Tulsi Gabbard’s appointment to DNI, and the risk of exposure to foreign malign influence and threat network infiltration into the USIC through her prospective appointment.   Implications for Tulsi Gabbard’s DNI Appointment   The systemic overlap between SIF and Healthy’s, rooted in intergenerational networks and Cold War-era ideological alignments, serves as the foundation for understanding how this network intersects with modern foreign influence risks, particularly as potentiated through the Qi Group acquisition of Healthy's and its founder's lifelong ties to SIF.   Given that the Office of the Director of National Intelligence (ODNI's) primary area of responsibility includes oversight of collection and counterintelligence efforts directed at threat networks challenging the national security interests of the U.S. and its allies, Tulsi Gabbard's position within a closed network potentially under the sway of foreign malign influence tied to the PRC's strategic gray zone activities poses an inherent risk of conflict of interest in her appointment to the role of DNI.   In light of these overlapping influences, a comprehensive review is essential to protect U.S. national security. Without a clear understanding of this network or its strategic influence footprint, Tulsi Gabbard’s appointment presents elevated risks of exposure to foreign threat networks and risks systemic conflicts of interest. Closing Evidence of overlapping networks involving Tulsi Gabbard’s family and closest associates—spanning PRC-aligned entities that have faced formal indictments alleging illicit financial conduits, documented ties to alleged transnational criminal operations, suspected terror-related funding, and geopolitical influence linked to the People’s Republic of China (PRC) and other threat networks—warrants urgent and thorough examination in the context of her prospective appointment as Director of National Intelligence (DNI). Note: This report does not overstep the bounds of open source security research—it does not claim certainty where certainty is not possible in the open-source realm, nor does it directly allege malfeasance or improper systemic overlap. Instead, it lays out non-trivial risks that warrant further scrutiny by the appropriate authorities with access to classified intelligence, financial forensics, and interagency resources. Citations [i] November 9, 2011, Joseph Bismark on Tuesdays with Marybeth Nave, DZRJ-AM (Part 1) [ii] Williamson, E., & Homans, C. (2025, January 27). Tulsi Gabbard’s unorthodox path to Trump’s intelligence team. The New York Times. nytimes.com/2025/01/27/us/… [iii] Hawaii Business Express. (2008). Aloha Parenting Project (Company No. 223794D2). Department of Commerce and Consumer Affairs, State of Hawaii. Retrieved from hbe.ehawaii.gov [iv] Stand Up For America Inc. (2023). IRS tax-exempt organization profile (EIN 20-4704132). Retrieved from ProPublica Nonprofit Explorer: projects.propublica.org/nonprofits/org… [v] Healthy Hawaii Coalition. (n.d.). Details on company number 122220D2 in the Hawaii Business Express | BREG DCCA. Retrieved from Hawaii Business Express. [vi] QI Group. (n.d.). Down to Earth. Retrieved from qigroup.com/business-focus… [vii] Down to Earth, Inc. registered in Hawaii in 1977 changed its name to Healthy's Inc and filed Down to earth as a Trade Name in 2008, hbe.ehawaii.gov/documents/trad… [viii] Steve Weinberg (1990). Armand Hammer, The Untold Story. Random House Value Publishing. ISBN 978051706282 [ix] Singman, B. (2025, January 28). Dozens of former intel officials urge senators to confirm Tulsi Gabbard as director of national intelligence. Fox News. Retrieved from foxnews.com/politics/dozen… [x] Land Court System DOC# 96181074, December 1996, Hawaii Bureau of Conveyances [xi] SIF's 990 filing showing Healthy's Inc donation for $929,256.00 in 2004, projects.propublica.org/nonprofits/ display_990/990177647/2006_12_E0%2F99-0177647_990_200412 [xii] Wai Lan Yoga Trust (99-6057064) 2004 990 IRS Filings showing $275,000 in cash grants to SIF, (113611  0755908153613 2005. WAI LAN YOGA TRUST) [xiii] Shekhar S Balasubramaniam, Qi Capital CEO, Qi Asset Management LTD CIO, LinkedIn,  my.linkedin.com/in/shekhar-s-b… [xiv] The Qi Group. (n.d.). Global Partnerships,  qigroup.com/global-partner… [xv] The Qi Group. (October 2017). Strategic Partner Of The 14th Asean Leadership Forum qigroup.com/news/the-qi-gr… [xvi] Eswaran, V. (2024, October 18). Can China’s railroad diplomacy elevate ASEAN? The Sun. thesun.my/opinion-news/c… [xvii] Vijayeswaran, V. (n.d.). Dato' Sri Vijay Eswaran appears on Wall Street Journal. Retrieved from vijayeswaran.com/spotlight/dato… [xviii] KSI. (n.d.). President: Tan Sri Michael Yeoh. Retrieved from kasi.asia/about/principa… [xix] SriSty EDU. (2024, November 19). The role of China's railway expansion in ASEAN: Insights from Vijay Eswaran. Retrieved from sristyedu.com/the-role-of-ch… [xx] Hawaii Bureau of Conveyances. (2011). Property record [Document #2011168330]. Retrieved from Hawaii Bureau of Conveyances archive. [xxi] Hawaii Department of Commerce and Consumer Affairs. (2013). Business registration for Tagaloha LLC [File No. 107909 C5]. Retrieved from hbe.ehawaii.gov/documents [xxii] International Consortium of Investigative Journalists. (n.d.). Qatana Ltd. Retrieved from offshoreleaks.icij.org/nodes/145437 [xxiii] Deccan Chronicle. (2023, April 5). Demand for SIT probe into QNET activities in state. Retrieved from deccanchronicle.com/nation/in-othe… [xxiv] Financial Frauds Victims Welfare Association. (2019). Petition submitted to the Cyberabad Police Commissioner regarding QNET scam. scribd.com/document/46084… [xxv] Unclassified Conflict in the Gray Zone: A Prevailing Geopolitical Dynamic Through 2030 July 2024 NIE 2024-16734-A [xxvi] Cassara, J. A. (2023). China – Specified unlawful activities: CCP Inc., transnational crime, and money laundering [xxvii] House Select Committee on the CCP, November 25, 2024 Letter to Janet Yellen [xxviii] CSIS Defense and Security Department. (January 2025). The Future of Irregular Warfare youtube.com/live/eLLVSHV3B… [xxix] House Select Committee on the CCP. (September 2024). How American Taxpayers and Universities Fund the CCP's Advanced Military and Technological Research selectcommitteeontheccp.house.gov/media/investig… [xxx] ISGAP, NCRI (November 2023). The Corruption Of The American Mind: How Foreign Funding In U.S. Higher Education By Authoritarian Regimes, Widely Undisclosed, Predicts Erosion Of Democratic Norms And Antisemitic Incidents On Campus networkcontagion.us/wp-content/upl… [xxxi] NCRI (2024) Contagious Disruption: How CCP Influence and Radical Ideologies Threaten Critical Infrastructure and Campuses Across the United States networkcontagion.us/wp-content/upl… [xxxii] Belton, C. (April 2024), Secret Russian foreign policy document urges action to weaken the U.S. The Washington Post washingtonpost.com/world/2024/04/… Pictured: Maltego network diagram mapping formal and legal ties across networks to produce a basis for analytical strategic footprint assessments, spanning domestic, foreign and offshore entities, legal filings, property records, U.S. FARA filings and government entities. MTGL files, including network cross sections can be made available by the center upon request at thewashingtonoutsidercenter.org/contact/

@Malware_Brandon Great thread. Outstanding work. Thanks for sharing!

1/X Here's some details on recent SOCGholish / FakeUpdates initial infections and the TDS (Keitaro?) that goes along with it. This loader uses compromised sites to display a fake "browser update" themed lure that, when clicked, downloads the malware.

I am happy to share a new resource I recently created called The Ransomware Tool Matrix: 🔗 blog.bushidotoken.net/2024/08/the-ra… #CTI #ThreatHunting #ThreatIntel #Ransomware

@JasonAtwell14 Yer moostash hairs is in violations...

I look forward to a nation-wide grooming standard.