PRODAFT

RAMP Forum User Intelligence Available for Our Platform (U.S.T.A. & Catalyst) Members 🫶Our SYS initiative remains highly active, as a well-known forum member voluntarily contacted us. We are grateful for their contribution. Even when admins attempt to dox each other for 10 BTC, it's good to see some members doing it voluntarily for us. 🔍As a result, our team has acquired intelligence associated with 7,709 RAMP forum users, including the following high-value investigative datasets: 📧Private messages exchanged between threat actors, enabling reconstruction of operational planning and coordination; 👾Attachments sent and received between threat actors, supporting malware, tooling, and infrastructure attribution; 🔐Authentication and login activity, facilitating access-pattern analysis and operational security assessment; 🌌Forum search history, providing insight into intent, targeting, and operational focus; 🧐Profile information, including but not limited to registered email addresses, supporting identity correlation and cross-platform attribution; 🗣️Chat room and group communication metadata, indicating collaboration structures and coordinated activity across specific operations and campaigns. We will be correlating these datasets to support and advance multiple previously unsolved investigations. #cyberintelligence #ramp #LockBitSupp <3

Our SYS initiative continues to accept tips regarding cybercrime. If you have information about any threat actor group, you can reach us directly through our TOX anonymously: D0E5B14B166D8440E3F54CDFC0F38E5080645F728F02AADFB7B978F9D579EE5A6D38A29DD307 P.S. Our graphic designer is away this week, but since posts with images receive better engagement, we did our best. Thank you for your understanding. #cybercrime #cyberthreatintel #proactivedefense

📈Statistically speaking, thanks to the SYS initiative, there are now more "good guys in disguise" running cybercrime forums as moderators and administrators than actual criminals. #cybercrime #proactive #cyberintelligence

Our managing partner @mdisec took the stage at a fully packed Meetup series (#58) organized by @TeknasyonTech 🐦‍⬛The room was packed wall to wall as hundreds of hackers gathered to listen to his energetic and educational talk titled Hacker’s Diary: A Product Security Tale. Huge thanks to @TeknasyonTech for hosting such an incredible event and big respect to the passionate audience whose curiosity and engagement filled the room 🔥 #zeroday #vulnerability 👋#chat

For all the malware devs out there 🦠🧑‍💻 Every infostealer uses a different timestamp format. Some of you even invent new ones. Analysts everywhere are crying while parsing those logs. Please. Just use ISO8601. (One of our clients advised that) Make it a standard among whatever nasty thing you're coding. If you don't know how, please contact us. #ISO8601 #CyberThreat #MalwareDev

🚨 Hidden Risk: Unattended or Forgotten Social Media Links A single social media link on a website can open the door to: 🎭 Brand impersonation 🎣 Phishing campaigns 💸 Fraud and reputation damage Attackers actively search for unclaimed or abandoned social media accounts linked from official websites, then take them over to exploit user trust or re-register to sell them. Only thing worse than a breach is explaining to the board that it started with a forgotten Twitter link from 2016 🤦‍♂️ #CyberSecurity #ThreatIntelligence #BrandProtection

🔧Our open source tool Cradle is built for the threat intelligence community and shared openly with everyone. What started as a public project is now being used by many major organizations to manage complex internal cases and critical knowledge at scale. We are pushing Cradle forward with new powerful features coming soon !🤫. Follow our GitHub to see what is next and be part of the future of case management github.com/prodaft/cradle

Our seasoned manager, ACK, represented us at MaTeCC in Morocco as a speaker, sharing insights on AI-driven cyber threats and the latest cases we investigate. From Morocco's strong support for cybersecurity to the high-quality technical sessions and an inspiring student community shaping the future of cyber resilience, MaTeCC truly showcased the region's growing capability in cyber domain. #Morocco #MaTeCC

⏳After countless hours protecting critical organizations from breaches and supporting global cyber investigations 💪, we are taking a moment to recharge in Cappadocia (Kapadokya), a place that feels like home. ⛰️Here, hot air balloons rise with the sun, ancient valleys and fairy chimneys shape a dreamlike horizon, and history lives in every stone. It is the perfect setting to reflect, reset, and prepare for the next challenges. #CyberSecurity

We are thrilled to see our work featured in a new WIRED piece on Google's lawsuit against the "Lighthouse" smishing operation. 📱 Huge shout-out to our team for their relentless work tracking Chinese-speaking smishing ecosystems and reporting the infrastructure behind these global scam campaigns. 🔗 Read the WIRED article: wired.com/story/lighthou…

🚀 Exciting Update from CATALYST! We're making it easier than ever to stay ahead of evolving cyber threats. With our new easy subscription model, you can now access TLP:AMBER reports directly on the CATALYST platform, simply complete your payment and start exploring. 🔐 What you get with your subscription: ✅ In-depth TLP:AMBER reports ✅ Full access to threat actor profiles ✅ Detailed insights into malware families ✅ A complete activity timeline to track threat evolution No complicated processes! Just subscribe, log in, and get the intelligence you need to make informed security decisions for a year! 💡 Whether you’re a cybersecurity professional, threat analyst, or organization building resilience, CATALYST gives you the visibility and depth you need. 👉 Visit catalyst.prodaft.com/quick-access to subscribe and explore the latest threat intelligence today. #CyberSecurity #ThreatIntelligence #CATALYST #CyberThreats #InfoSec #MalwareAnalysis #ThreatActors

Proud to participate in #OperationEndgame /w @Europol. The next phase represents a significant step toward dismantling cyber crime infrastructure worldwide. operation-endgame.com

🚀 New in BLINDSPOT Ever wondered where your employees use corporate accounts, if they reuse passwords, or put their dog’s name into them? 🐶 Humans are still the weakest link. Now you can see how weak that link really is. blindspot.prodaft.com/free-trial #threatintelligence

🛰️Historic CryptBot screenshot: infostealer quietly infected ~1.8M devices and ran a private shop selling access to compromised machines. Not active today. Do you know what they were dealing with? We do. Attribution matters. #threatintel #malware #cybersecurity

🫣

🚨 FIN7 (Savage Ladybug) still using the same Windows SSH backdoor with only small changes since 2022. install.bat + OpenSSH toolset → reverse SSH/SFTP for stealth & exfil. 📂Check recent IOCs: github.com/prodaft/malwar… #CyberSecurity #ThreatIntelligence #Malware #IOC

💬 Privacy claims from ransomware groups are fiction. Files are never deleted. "Private" chats are visible to members, state sponsored actors, and third party providers. 💸 Don’t pay ransom. 🛡️ Protect, contain, investigate. #cybersecurity #ransomware

🕵️ SectopRAT (ArechClient2) is still active and gaining traction with cybercriminals. Obfuscated .NET RAT w/ HVNC remote control, C2 fallback & data theft (creds, wallets, VPNs, browser data). In case you missed our public report 👉catalyst.prodaft.com/public/report/… #threatintel #malware