Ctrl-Alt-Intel

135 posts

Ctrl-Alt-Intel banner
Ctrl-Alt-Intel

Ctrl-Alt-Intel

@ctrlaltintel

Threat Research

Katılım Mart 2026
21 Takip Edilen1.2K Takipçiler
Sabitlenmiş Tweet
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
9 McNuggets & a McChicken burger helped us link a Russian hacker to 🇷🇺 government😅 Denis Obrezko was put on the international wanted listed by Russia, following an FBI arrest in Phuket last November. Our independent investigation shows Obrezko has closes ties to the Moscow👇
Ctrl-Alt-Intel tweet mediaCtrl-Alt-Intel tweet media
English
4
48
185
40.9K
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
*Thai arrest at request of the FBI
English
0
0
5
1.8K
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
9 McNuggets & a McChicken burger helped us link a Russian hacker to 🇷🇺 government😅 Denis Obrezko was put on the international wanted listed by Russia, following an FBI arrest in Phuket last November. Our independent investigation shows Obrezko has closes ties to the Moscow👇
Ctrl-Alt-Intel tweet mediaCtrl-Alt-Intel tweet media
English
4
48
185
40.9K
Ctrl-Alt-Intel retweetledi
Tanner
Tanner@wbmmfq·
We've seen four logistics firms getting hit by Teams messages (today!) that lead to Quick Assist, then a RAT/C2 that seems fairly novel. I'll get some IoCs later, but for now keep an eye out for Teams messages from .onmicrosoft.com accounts. @HuntressLabs
English
1
7
41
7.4K
Fox_threatintel
Fox_threatintel@banthisguy9349·
My succes rate of finding more information about a threat when a ip, domain, filehash is given is pretty wild. Try me!
English
5
1
26
4K
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
In total 1956 unique VShell C2 IP addresses have been observed in the past month, with top countries being: 🇨🇳 -> 729 C2s 🇭🇰 -> 723 C2s 🇺🇸 -> 230 C2s 🇸🇬 -> 100 C2s 🇯🇵 -> 62 C2s Hope you enjoyed. We'll be continuing this series for other C2s soon :) (8/8)
Ctrl-Alt-Intel tweet mediaCtrl-Alt-Intel tweet media
English
0
1
7
320
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
We don't have to stop there. Using Hunt.io SQL we can see the top ASNs linked to VShell in the past month. The most active are: AS37963 - 285 C2s AS45090 - 258 C2s AS9294 - 227 C2s AS133199 - 195 C2s AS36352 - 110 C2s (7/8)
Ctrl-Alt-Intel tweet mediaCtrl-Alt-Intel tweet media
English
1
3
6
700
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
Hunting for C2 #OPSEC failures w. @Huntio: VShell edition 🧵 Context: - VShell is a Chinese-developed CS alternative - VShell is developed on the NPS codebase - Often used by Chinese APT groups, but also seen in the wider cybercrime ecosystem (1/8)
English
1
10
38
3.8K
Ctrl-Alt-Intel retweetledi
Have I Been Squatted
Have I Been Squatted@beensquatted·
Squats, Backdoors, ClickFix and Blockchain. As part of a Have I Been Squatted & @ctrlaltintel researcher traced a typosquatted domain through a ClickFix lure, persistent macOS backdoor, and blockchain-based command-and-control infrastructure. haveibeensquatted.com/blog/from-typo…
English
0
3
6
373
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
One of our researchers has published a blog for @beensquatted exposing an ongoing macOS stealer & backdoor campaign 🔥 Originating from typosquatted domains, a threat actor is using ClickFix lures to deliver a persistent macOS loader hat hosts C2 using Polygon smart contracts👇
English
1
7
30
2.3K
Ctrl-Alt-Intel retweetledi
Hunt.io
Hunt.io@Huntio·
𝗛𝘂𝗻𝘁 𝟯.𝟬 𝗶𝘀 𝗹𝗶𝘃𝗲. 𝗣𝘂𝗹𝗹 𝘁𝗵𝗲 𝘁𝗵𝗿𝗲𝗮𝗱. 🚀 Most threat hunting tools stop at the lookup. You get a result, maybe a tag, and then you're on your own figuring out what connects to what. We built v3 to fix that. Every indicator, whether it's an IP, a domain, or a hash, should open into the full picture automatically. 👉 Here's what's new: hunt.io/blog/introduci… → 60+ API endpoints across C2, AttackCapture, Vulnerability Intel, SQL, and more → Remote MCP server, connect Claude or other AI tools straight to Hunt data → Cloudflare Buster turns one domain into a full infrastructure cluster → Passive DNS History gives you a real timeline of DNS changes, not just a point-in-time snapshot → Attack Reports turns exposed attacker directories into structured campaign reports, tied to specific IPs, IOCs, and CVEs → Exploit Capture indexes 54,000+ AI-classified files staged in attacker open directories right now → Provider Radar now includes Registrar intelligence, catching domain provisioning patterns before those domains go live in an attack → Flattened data architecture so HuntSQL joins are finally possible, no workarounds → And much more! And the best part: you get 14 days free, no credit card needed. Open an account and start hunting today 👇 portal.hunt.io/sign-up
GIF
English
1
18
27
4.3K