Olivia
Online
Stef Rand
@techieStef
Senior Intelligence Analyst @RedCanary! Former DFIR @Mandiant, former @NetworkDefense intern. Psychology nerd. When I am not computering, I go outside and play!
Atlanta, GA
Joined August 2018
435 Following
1.8K Followers
801 Posts
Pinned Tweet
Super excited to introduce Tangerine Turkey! Tangerine Turkey is @redcanary's name for a VBS worm that is delivered via an infected USB and uses a printui DLL hijack to deliver a cryptomining payload. This was a fascinating rabbit hole to go down!
https://t.co/5G7mkwR883
📈 After ranking first for the whole year in our newly released Threat Detection Report, SocGholish takes the number one spot in our 10 top threat list for the month as well. Learn more about fake browser updates and worms in this month's edition of Intelligence Insights. https://t.co/hMX2NVLXGn
📣 The 2025 Threat Detection Report is here! Dive into our analysis of 93,000 threats our customers' security controls missed, with actionable guidance on every page. Read the ungated report here: https://t.co/Iyv2T08cd1
🆕 Two emerging threats make their debuts in our top 10 list: Infrared Ibis and Saffron Starling
Get detection opportunities and more in this month's edition of Intelligence Insights.
https://t.co/iMey9z58Iu
Who to follow
Steve YARA Synapse Miller
@stvemillertime
AI threat intelligence @google
writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
Eric Capuano - Bsky: @eric.zip
@eric_capuano
Co-Founder @recon_infosec | SANS DFIR Instructor | IANS Faculty | https://t.co/yUXCSu2Yso | ⬡ ❤ @shortxstack
Jon Hencinski 
@jhencinski
Head of SecOps @ProphetSec
Exciting update to our blog! As part of our ongoing research we identified some public Github repos being leveraged that, I'm happy to say, are no longer active! More details--plus some IOCs for still-active sites--in the update.
🗞️ Just in, from Red Canary Intel: After discovering that Tangerine Turkey’s operators pull down miner configuration files from remote resources, we reported some of their public GitHub repos, which have now been taken down. Read our updated blog for IOCs and more. https://t.co/Nc2qjyCrbd
@techieStef Get more of this month's Intelligence Insights here: https://t.co/uUo6EqWilB
HijackLoader—a newcomer to our monthly top 10 list—is fond of renaming executables, which presents a detection opportunity. Learn more in this month's edition of Intelligence Insights. https://t.co/CIXxO0tXke
📈 We've seen a spike in LummaC2 stealer activity over the last two months. Get detection guidance and more in this month's edition of Intelligence Insights. https://t.co/i2eJF7j44Y
ChromeLoader and SocGholish remained our top threats in September, but a new technique stood out, tricking users into copying a PowerShell script, pasting it into Windows Run, and executing malicious code that leads to LummaC2: https://t.co/4yJGznAsBR
Removal Complete! Salmon can now access much more cold water habitat and excellent spawning grounds… https://t.co/yHHs5vovMW
At the end of August 2024, Red Canary observed ransomware incidents that leveraged VPNs both as an initial access vector and to facilitate further access within organizations. https://t.co/7wWl5sSPDT
Keep tabs on ChromeLoader and other browser-related threats in this month's edition of Intelligence Insights. https://t.co/grAEgtXaw2
This month's newcomers:
🏵️ Amber Albatross, which starts with a potentially unwanted program and ultimately leads to a pyInstaller executable with stealer capabilities
💸 dllFake, a malware family that primarily targets browsers and crypto wallets
https://t.co/6LpGDSeaOI
@DannyDrinksWine Umbrellas of Cherbourg
It's Koi phishing season! Red Canary Intel has been tracking an activity cluster that drops Koi Loader and a final payload of a .NET stealer. https://t.co/RwbiUlQXvS
@chrissanders88 😆 Thanks for the shout out! What can I say, malware jerks getting up to their jerky shenanigans makes me grumpy
Keeping up with threats and trends can feel like navigating a labyrinth in the dark. @techieStef & @ForensicITGuy explore topics from our 2024 Threat Detection Report, including initial access tradecraft, cloud abuse, identity attacks, and more. 🎬 🍿 https://t.co/2oK6blxAZf
Tax season springs financially-themed phishing lures on users, and vulnerabilities continue to sprout up in this month’s edition of Intelligence Insights. https://t.co/CZ0Pa7q9OW
I do not have words for how much this delights me. These loud little birds are one of my favorite things in the world. Look ye upon this glorious wrendering that captures their noisy bossy chaos. Absolutely wonderful, @thepacketrat
TDR Day 🥳🎉 also means it’s Threat Sounds release day!!! Vol. 4 has dropped and it’s epic, y’all! 🔥
https://t.co/Pl8mPM0G0f
Last Seen Users on Sotwe
TANTE STW
Seen from Indonesia
SI WANITA GANJEN
Seen from United States
pecinta stw
Seen from Singapore
تقى 👩❤️👩
Seen from Germany
İstanbul Bahçelievler Cd Pasif Gay Travesti 💎❄️
Seen from Turkey
Andrea Burgos Cali 🇨🇴
Seen from Colombia
♛ ℙ𝕝𝕖𝕒𝕤𝕦𝕣𝕖 𝕊𝕖𝕖𝕜𝕖𝕣 ♛
Seen from Indonesia
Bakire Bir Kız Yağmur
Seen from Turkey
Barça Universal
Seen from Netherlands
أحمد فحل ليبي فاجر والع نار 0910297588 موجود وتس
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.4M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers