Threat actor Void Dokkaebi has compromised over 750 public code repositories using a worm-like RAT that spreads via trusted developer tools and workflow habits. TrendAI™ Research provides steps to audit and secure your repositories: https://t.co/bHk1GVUMn4
New blog from WKL: WinDbg Time Travel Debugging vs. Intel Processor Trace
CPU instruction tracing is insanely powerful for RE + threat hunting but still underused. @AlanSguigna breaks down the tradeoffs, strengths, and when to use each.
https://t.co/3rK2vii1Hl
Elastic Security Labs publishes nightMARE, a Python library (v0.16) for malware analysis and for building configuration extractors. https://t.co/Cdofl8Lazn
Just published a deep dive into APT27 (Emissary Panda/Iron Tiger/Lucky Mouse), a Chinese state-sponsored cyber-espionage group active since 2010, known for spear-phishing, watering-hole attacks and exploitation of internet-facing applications.
https://t.co/xNurajdGrq
🚨Lazarus escalated activities in 2025 with companies already suffering billions in losses.
This APT’s attacks are evolving and getting harder to detect.
Read the actionable report on its current campaigns to be ready for the next attack ⬇️ https://t.co/dQyCuoOYfl
🧪 Under the Pure Curtain: From RAT to Builder to Coder
A deep dive into the Pure malware ecosystem — from an IR engagement with a ClickFix campaign to a Rust loader and PureHVNC RAT deployment.
https://t.co/piMQvv4kf8
Zscaler ThreatLabz identifies a campaign active since early May 2025 targeting Chinese-speaking users that delivers ValleyRAT, FatalRAT, & the newly named kkRAT. The blog details the attack chain and kkRAT’s features, network protocol, commands, & plugins. https://t.co/4sTYeQE3xo
New blog is out on #NightshadeC2!
Newly discovered botnet with capabilities like reverse shell, password/cookie theft, remote control, and more. The loader relies on UAC Prompt Bombing to force victims into excluding the payload in Windows Defender!
https://t.co/EHzj9Z79Rm
ESET researchers have identified a new threat actor: GhostRedirector targets Windows servers with a passive C++ backdoor (Rungan) and a malicious IIS module (Gamshen) that manipulates Google search results. https://t.co/sGqad38ArV
Since April 2025, Gunra ransomware has targeted enterprises across Brazil, Japan, Canada, the United States, and other regions, affecting sectors such as healthcare, manufacturing, transportation, IT, and agriculture.
Strengthen defenses with full insights: ⬇️ https://t.co/2GlrjlYUPJ
Newly discovered Charon ransomware leverages elliptic curve cryptography and a modified ChaCha20 cipher, partially encrypting files for speed.
Trend Vision One™ provides detection queries to help teams sweep for IOCs: ⬇️ https://t.co/xZGGnDq22W
A new ransomware strain named #Yurei has emerged. It is believed to be a variant of PrincessLocker and is written in Go.
sample: https://t.co/hy0X8J3dHO
sample: https://t.co/kIeMfqN35H
sample: https://t.co/ooueAbFwEz
rule: https://t.co/bElzz5X7tI
The #GPUGate malware, distributed via GitHub and Google Ads, uses GPU encryption. Targets users in Western Europe.
#GPUGate@AWNetworks
https://t.co/GnwddGlP2A
Did you know? The PrincessLocker ransomware family has spawned multiple variants over time. Here are some of its known offshoots:
- Banderas
- EByte
- SatanLock
- GoConti
- HexaLocker
- JustIce
- Kalingrad
- CrazyHunter
- CYB3R-L0CK3R
Bitdefender’s Jade Brown profiles SafePay, a non-RaaS ransomware group with hundreds of victims. TTPs include credential compromise, VPN exploitation, IT-staff impersonation, PsExec for lateral movement, and data exfiltration via WinRAR and FileZilla. https://t.co/YCUBdsYFCU