Validin

For analysts and researchers: releasing a new advanced search query language and Search Sessions. Read the announcement: validin.com/blog/validin_i…

Six months after @DJSnM and @_JohnHammond were targeted with a fake "DMCA takedown" campaign, we revisit old pivots and find some new connections. validin.com/blog/dmca_phis…

#PIVOTcon26 edition is over! Time to #pivot to #PIVOTcon27 Big thanks to our sponsors for making this happen! @silentpush @vtxproject @censysio @urlscanio @ValidinLLC @TalosSecurity @abuse_ch @SpamhausTech @ecrime_ch @epieos @sekoia_io @wearetlpblack @webscout_io @rationaledge 1/

New report revisiting Gamaredon, this time focusing on their phishing emails and first stage downloaders - GammaDrop and GammaLoad. Despite years of active campaigns, detailed public analysis of either has been lacking. So we fixed that. 1/5

✈️ We’re headed to Malaga, Spain for #PIVOTCon26! Our founder Kenneth Kinion and founding engineer Sreekar Madabushi will be attending.

We're looking forward to seeing you all at @pivot_con next week!

@RussianPanda9xx Thank you for the shout out!

Ok, real question: how many of you have mistyped regsvr32.exe too? New blog is out! Got a chance to take a peek at CastleLoader 🏰 and a .NET stealer we are calling CastleStealer (duh) Their launch_method 4 calls regsrv32.exe. Yes, regsrv32.exe. The devs typo'd a binary that's been shipping since the 90s and never noticed :C I also didn't forget to give @ValidinLLC a shoutout this time. Would you check out the blog, pretty please? huntress.com/blog/clickfix-…

🚨 The LABScon 2026 Call for Papers is officially OPEN! 🗓️ Deadline to submit: June 19, 2026 🔗 labscon.io <- find the button here

""Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics" published by @ValidinLLC. #CabbageRAT, #ClickFix, #UNC1069, #DPRK, #CTI validin.com/blog/i_cant_he…

In this guest post, researchers @lontze7 and @cfotopoulos2000 analyze UNC1069 sample behavior and track related infrastructure with Validin. They provide IOCs and show great detail. Check out out! ⤵️

Raw IP data in Device ID reporting, with device_vendor set to Progress & device_model to ShareFile: shadowserver.org/what-we-do/net… Thank you to @ValidinLLC for the collaboration! Dashboard World Map view: dashboard.shadowserver.org/statistics/iot… Dashboard Tree Map view: dashboard.shadowserver.org/statistics/iot…

@andrewdanis @500mk500 @andrewdanis we do not have pivots that require a premium account (except for registration, which this is not). It appears that the data aged out of the community platform.

@500mk500 Do I need a paid account - I tried searching by that hash/didn’t see that field anywhere with just a community account

Interesting ZIP application "ZipSphere", looking at the .NET code, doesn't appear to do anything malicious currently, but the installer does report back device information. One of those "feels sketchy" apps, worth keeping an eye on. zipsphereapp[.]com virustotal.com/gui/file/d4640…

657 instances shared for 2026-03-14. We expect to increase the volume of the feed in the future! We would like to thank our Alliance partners and @ValidinLLC for the collaboration making this possible! Background on investigating ClickFix/ClearFake: atea.no/siste-nytt/it-…

📣#PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's speaker lineup. 2⃣days and 19 talks from leading #ThreatResearch experts. The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵 #CTI #ThreatResearch 1/15

Read the original report from GTIG: cloud.google.com/blog/topics/th…

Read the original report from @IsMyPhoneHacked x.com/IsMyPhoneHacke…

We're tracking the rapid proliferation of this exploit chain. Read our analysis of the C2 domains and the discovery of many recent dropper pages. Tracing the iOS Exploit Kit from Ukraine to Iran War Lures: validin.com/blog/aye_corun…

🧩 We're thrilled to announce a new Validin integration with MISP and additional YARA capabilities! Validin is now available as a MISP expansion module, enabling enrichment of MISP events across all Validin data sources. Read more in our blog: validin.com/blog/validin-m…

Validin is proud to serve the CTI community in Europe by sponsoring @pivot_con again this year. We look forward to seeing you in Malaga!