Validin

790 posts

Validin

@ValidinLLC

Validin is a next generation internet intelligence platform.

Southeast USA เข้าร่วม Mayıs 2017

459 กำลังติดตาม2.3K ผู้ติดตาม

ทวีตที่ปักหมุด

Validin@ValidinLLC·6 Mar

We're tracking the rapid proliferation of this exploit chain. Read our analysis of the C2 domains and the discovery of many recent dropper pages. Tracing the iOS Exploit Kit from Ukraine to Iran War Lures: validin.com/blog/aye_corun…

English

5.1K

Validin@ValidinLLC·23h

@andrewdanis @500mk500 @andrewdanis we do not have pivots that require a premium account (except for registration, which this is not). It appears that the data aged out of the community platform.

English

andrew danis@andrewdanis·23h

@500mk500 Do I need a paid account - I tried searching by that hash/didn’t see that field anywhere with just a community account

English

andrew danis@andrewdanis·1d

Interesting ZIP application "ZipSphere", looking at the .NET code, doesn't appear to do anything malicious currently, but the installer does report back device information. One of those "feels sketchy" apps, worth keeping an eye on. zipsphereapp[.]com virustotal.com/gui/file/d4640…

English

2.5K

Validin รีทวีตแล้ว

The Shadowserver Foundation@Shadowserver·4d

657 instances shared for 2026-03-14. We expect to increase the volume of the feed in the future! We would like to thank our Alliance partners and @ValidinLLC for the collaboration making this possible! Background on investigating ClickFix/ClearFake: atea.no/siste-nytt/it-…

English

935

Validin รีทวีตแล้ว

PIVOTcon@pivot_con·10 Mar

📣#PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's speaker lineup. 2⃣days and 19 talks from leading #ThreatResearch experts. The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵 #CTI #ThreatResearch 1/15

English

2.4K

Validin@ValidinLLC·6 Mar

Read the original report from GTIG: cloud.google.com/blog/topics/th…

English

353

Validin@ValidinLLC·6 Mar

Read the original report from @IsMyPhoneHacked x.com/IsMyPhoneHacke…

i✌️erify@IsMyPhoneHacked

5 exploit chains, 23 exploits, nation-state grade malware has leaked with the capability to mass exploit iPhones. IOCs and technical overview on our blog: iverify.io/blog/coruna-in… #iOS #malware #mobilesecurity #cybersecurity #cyberattack

English

766

Validin@ValidinLLC·6 Mar

English

5.1K

Validin@ValidinLLC·24 Şub

🧩 We're thrilled to announce a new Validin integration with MISP and additional YARA capabilities! Validin is now available as a MISP expansion module, enabling enrichment of MISP events across all Validin data sources. Read more in our blog: validin.com/blog/validin-m…

English

Validin@ValidinLLC·17 Şub

Validin is proud to serve the CTI community in Europe by sponsoring @pivot_con again this year. We look forward to seeing you in Malaga!

PIVOTcon@pivot_con

Thank you @ValidinLLC for being #PIVOTcon26 Gold Sponsor🥳 Read more about: @ValidinLLC here: validin.com Validin eliminates blind spots with comprehensive DNS history and IP context data. Our sponsors: pivotcon.org/sponsors #ThreatIntel #CTI #ThreatResearch

English

893

Validin รีทวีตแล้ว

eremit4@_eremit4·30 Oca

My latest research looks at digital #skimming in #LATAM as an ecosystem. #Stealer logs feed access, #SupplyChain abuse provides scale, and checkout skimmers quietly handle monetization. Full analysis and technical details here: sagehollow.world/posts/adversar… #CTI #Magecart #FinCrime

English

2.4K

Validin รีทวีตแล้ว

Florian Roth ⚡️@cyb3rops·3 Şub

More reports regarding the Notepad++ compromise @Securelist securelist.com/notepad-supply… @kucher1n x.com/kucher1n/statu… @ValidinLLC validin.com/blog/exploring… #NotepadPlusPlusCompromise

Florian Roth ⚡️@cyb3rops

Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs - update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe - file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll - network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114 by @rapid7 rapid7.com/blog/post/tr-c…

English

271

29K

Validin@ValidinLLC·3 Şub

@kucher1n The origin IP for cdncheck[.]it[.]com, mentioned in the report above, appears to be: 167.179.64[.]69

English

117

Validin@ValidinLLC·3 Şub

@kucher1n has also independently verified some of what we found and observed additional indicators: x.com/kucher1n/statu…

Georgy Kucherin@kucher1n

It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month. Here are more IPs used in the attack: 45.76.155[.]202 45.32.144[.]255 Read below for many other IoCs! [1/8]

English

203

Validin@ValidinLLC·3 Şub

The #NotepadPlusPlusCompromise @rapid7 report included network indicators. 💪 We uncover additional related infrastructure to look out for including a possible additional initial access IP, C2 IPs, and C2 domain names. Follow our analysis + indicators: validin.com/blog/exploring…

English

3.2K

Validin รีทวีตแล้ว

Tom Hegel@TomHegel·3 Şub

The Notepad++ CN APT incident - Quick reference to help keep up: 1. Incident overview: (notepad-plus-plus.org/news/hijacked-…) 2. @rapid7 MDR Analysis with IOCs: (rapid7.com/blog/post/tr-c…) 3. @ValidinLLC Infrastructure Analysis w/ new IOCs/pivot methods: (validin.com/blog/exploring…) ...

English

329

27.8K

Validin@ValidinLLC·29 Oca

"If you’re big enough to have employees, you’re big enough to be targeted." How we investigated an invoice fraud email targeting our accounting department uncovering an entire cluster of domains and IPs used to maintain the ruse: validin.com/blog/consultin…

English

337

Validin@ValidinLLC·27 Oca

Validin now supports JA4X fingerprinting, brought to you by @4A4133 (the creator of JARM), and more JA4+ fingerprints are on the way! Read our announcement here: validin.com/blog/validin_s…

English

1.6K

ค้นพบ

@andrewdanis @500mk500 @IsMyPhoneHacked @pivot_con @Securelist @kucher1n @rapid7 @4A4133