Sotwe logo Sotwe logo
ctrlaltintel's profile banner image
ctrlaltintel's profile image

Ctrl-Alt-Intel

Verified account

@ctrlaltintel

Threat Research
Joined March 2026
20 Following
788 Followers
99 Posts
 Pinned Tweet
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
Over 7 a month period, a Qilin affiliate exposed 5 C2 servers -> OPSEC L -> Sliver C2 / SOCKS running on WatchGuard devices -> Initial access primarily via WG/Fortinet exploitation -> 3 real victims found via Qilin blog -> 🇺🇸 & 🇩🇪 targeting -> 7+ CVEs used Link to blog below👇
ctrlaltintel's tweet photo. Over 7 a month period, a Qilin affiliate exposed 5 C2 servers -> OPSEC L -> Sliver C2 / SOCKS running on WatchGuard devices -> Initial access primarily via WG/Fortinet exploitation -> 3 real victims found via Qilin blog -> 🇺🇸 & 🇩🇪 targeting -> 7+ CVEs used Link to blog below👇 https://t.co/HaHWonAjQ0
4
59
16
44
7K
ctrlaltintel  retweeted
BushidoToken's profile image
Will @BushidoToken
Please look into this @virginmedia you’re blocking legitimate security researchers:
1
25
7
2
8K
ctrlaltintel  retweeted
ice_wzl_cyber's profile image
ice-wzl @ice_wzl_cyber
@AWEGroupe Your network has been compromised by a threat actor. Please contact myself or @ctrlaltintel and we will help you get rid of their malware (completely free of charge, of course). Compromised machine hostname: cineyglpi Malware process name: [mm_percpu_wq]
0
8
1
1
365
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
👀😬
FBICyberDiv's profile image
FBI Cyber Division Verified account @FBICyberDiv
Today the FBI released a #PSA warning the public about Kali365—an emerging Phishing-as-a-Service (PhaaS) platform. Kali365, first seen in April 2026, enables cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials. The platform allows less-skilled attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities. Learn more about how the scam works and review recommendations on how to protect yourself: https://t.co/Ym8g4zRGNL
FBICyberDiv's tweet photo. Today the FBI released a #PSA warning the public about Kali365—an emerging Phishing-as-a-Service (PhaaS) platform. Kali365, first seen in April 2026, enables cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials. The platform allows less-skilled attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities. Learn more about how the scam works and review recommendations on how to protect yourself: https://t.co/Ym8g4zRGNL
48
580
250
122
44K
0
6
0
1
659
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
@bsforvt727 Ooo very interesting 👀
0
2
0
1
21
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
A Ctrl-Alt-Intel researcher, based out of HK 🇭🇰, tried to download @signalapp via Chrome.... but noticed something odd The top 2 sponsored results were advertising likely malicious "Chinese versions" of Signal....
ctrlaltintel's tweet photo. A Ctrl-Alt-Intel researcher, based out of HK 🇭🇰, tried to download @signalapp via Chrome.... but noticed something odd The top 2 sponsored results were advertising likely malicious "Chinese versions" of Signal.... https://t.co/g2LXgtDLeH
2
19
9
10
2K
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
^ Above have been translated We haven't analyzed the files any further as we are too busy, but wanted to share the suspicious findings with the community regardless! If anyone has the time to dig into the payloads, we'd love to see what you find 👀
1
4
0
1
267
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
Sponsored Google ADs -> signal518.onepage[.me -> www.cq2nnlqm[.top -> s3.ap-east-1.amazonaws[.com/mazida3x/WPp3p/singalSutpes_5.18_owsrc.msi (47b403e220447f4205dd14bb69ecb9f9) This .MSI contains signed Spotify/Google binaries + suspicious DLL, ant.dll (6f3ac069f5f95665259b09149fd1d240)
ctrlaltintel's tweet photo. Sponsored Google ADs -> signal518.onepage[.me -> www.cq2nnlqm[.top -> s3.ap-east-1.amazonaws[.com/mazida3x/WPp3p/singalSutpes_5.18_owsrc.msi (47b403e220447f4205dd14bb69ecb9f9) This .MSI contains signed Spotify/Google binaries + suspicious DLL, ant.dll (6f3ac069f5f95665259b09149fd1d240)
1
7
0
2
454
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
@VIPRESecurity Please stop flagging us on Virus Total <3
ctrlaltintel's tweet photo. @VIPRESecurity Please stop flagging us on Virus Total <3 https://t.co/nNtKpGJP0V
0
13
1
2
246
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
@socradar please stop bullying us 😢
ctrlaltintel's tweet photo. @socradar please stop bullying us 😢 https://t.co/j6HSEtMNPe
1
12
2
1
541
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
In total, over 3.7k messages were analysed from multiple channels in their Rocket[.Chat We are not finished, some more interesting tradecraft to discuss. Blog maybe coming soon 😅
0
8
0
0
401
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
A little thread exposing screenshots + comms from the Gentlemen Leaks. These provide super interesting insight into the inside operations of successful RaaS groups. Everything from aspects of operators personal lives, their TTPs, and victims. All images shared are from the Rocket[.Chat leak We even discovered in March they attempted to send flowers to a UK-based victim.... On 28th Feb, they recognise they're "top 2" on https://t.co/hpPlgsz0wo + Devman has gone ;)🚓 Translation of zeta88's first message: "In short, Devman was either taken in, for health reasons, or because of a rebranding—it all disappeared. And we're top 2 on RansomLive based on statistics, but not based on profit, I think." We can see a @GangExposed tweet shared by The Gentlemen, alongside the https://t.co/hpPlgsz0wo stats
ctrlaltintel's tweet photo. A little thread exposing screenshots + comms from the Gentlemen Leaks. These provide super interesting insight into the inside operations of successful RaaS groups. Everything from aspects of operators personal lives, their TTPs, and victims. All images shared are from the Rocket[.Chat leak We even discovered in March they attempted to send flowers to a UK-based victim.... On 28th Feb, they recognise they're "top 2" on https://t.co/hpPlgsz0wo + Devman has gone ;)🚓 Translation of zeta88's first message: "In short, Devman was either taken in, for health reasons, or because of a rebranding—it all disappeared. And we're top 2 on RansomLive based on statistics, but not based on profit, I think." We can see a @GangExposed tweet shared by The Gentlemen, alongside the https://t.co/hpPlgsz0wo stats
1
59
12
32
5K
ctrlaltintel's profile image
Ctrl-Alt-Intel Verified account @ctrlaltintel
On the 25th March, "zeta88" attempted to get fraudulent CC info in order to buy a bunch of flowers to send to a victim This victim was apparently taking time to begin negotiations
ctrlaltintel's tweet photo. On the 25th March, "zeta88" attempted to get fraudulent CC info in order to buy a bunch of flowers to send to a victim This victim was apparently taking time to begin negotiations https://t.co/XQ8DJHY7Dq
1
4
0
0
499

Last Seen Users on Sotwe

STW50y's profile image
imboss
Seen from United Kingdom
Milf16's profile image
Milf porn
BurgeRob77451's profile image
นิยมไทย.
Seen from Thailand
MauricoGarcel's profile image
Maurico Garcia
deepa_mami's profile image
DEEPA IYER
Seen from India
fantasyjilbob's profile image
fantasyjilbob
Seen from Singapore
NongsayD's profile image
huio
Seen from Indonesia
SjadH78227's profile image
العراقي
Momsex_69's profile image
ร่านเย็ด ขี้เงี่ยน ร่านควย
Seen from Thailand
OkanKorkma75021's profile image
mert duman
Seen from Turkey

Trends for you

1
#bucciovertimechallenge
Under 10K tweets
2
#StanleyCup
Under 10K tweets
3
Marner
Under 10K tweets
4
Belal
Under 10K tweets
5
Bussi
Under 10K tweets
6
FedEx
Under 10K tweets
7
#eternalsunshinetour
Under 10K tweets
8
#SoundTheSiren
Under 10K tweets
9
#AEWCollision
Under 10K tweets
10
Mormons
Under 10K tweets

Most Popular Users

elonmusk's profile image
1
Elon Musk Verified account
@elonmusk
240.2M followers
barackobama's profile image
2
Barack Obama Verified account
@barackobama
119.3M followers
realdonaldtrump's profile image
3
Donald J. Trump Verified account
@realdonaldtrump
111.6M followers
cristiano's profile image
4
Cristiano Ronaldo Verified account
@cristiano
109M followers
narendramodi's profile image
5
Narendra Modi Verified account
@narendramodi
107M followers
rihanna's profile image
6
Rihanna Verified account
@rihanna
97.3M followers
nasa's profile image
7
NASA Verified account
@nasa
92.1M followers
justinbieber's profile image
8
Justin Bieber Verified account
@justinbieber
90.6M followers
katyperry's profile image
9
KATY PERRY Verified account
@katyperry
86.8M followers
taylorswift13's profile image
10
Taylor Swift Verified account
@taylorswift13
80.6M followers
ladygaga's profile image
11
Lady Gaga Verified account
@ladygaga
72.2M followers
kimkardashian's profile image
12
Kim Kardashian Verified account
@kimkardashian
69.4M followers
youtube's profile image
13
YouTube Verified account
@youtube
68.6M followers
imvkohli's profile image
14
Virat Kohli Verified account
@imvkohli
68.6M followers
billgates's profile image
15
Bill Gates Verified account
@billgates
63.4M followers
theellenshow's profile image
16
The Ellen Show
@theellenshow
62.5M followers
cnn's profile image
17
CNN Verified account
@cnn
61.9M followers
neymarjr's profile image
18
Neymar Jr Verified account
@neymarjr
61.1M followers
x's profile image
19
X Verified account
@x
60.9M followers
selenagomez's profile image
20
Selena Gomez Verified account
@selenagomez
59.9M followers