Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Costin Raiu Profile picture
Costin Raiu
@craiu
Cybersecurity researcher focused on threat intel & APTs. Breaking down attacks, hunting threats, and crafting YARA rules. 🛡️💻 #ThreatIntel #CTI #Crypto #YARA
Jun 19 23 tweets 6 min read
I've been looking at the leaked #Nobitex cryptocurrency exchange Source Code from Predatory Sparrow / Gonjeshke Darande ( and related configs) for the whole morning, here's my notes:settings.py 1. The source code manages a full multi-wallet system, supporting both hot and cold wallet infrastructure across numerous blockchain networks. The cold wallet is managed through an internal network server, so it may potentially have been reachable by Predatory Sparrow. MAINNET_COLD_WALLET_URL = ''coldui.nxbo.ir
Sep 23, 2022 12 tweets 4 min read
Here's my top 10 big "unattributed" #APT mysteries: 1. Project TajMahal: securelist.com/project-tajmah…
Sep 14, 2021 8 tweets 3 min read
How to check iOS devices for signs of CVE-2021-30860 / FORCEDENTRY exploitation (for context, see @citizenlab's 13.09.2021 blog). #nso #pegasus #malware #ios Make an unencrypted iTunes backup, or use MVT (docs.mvt.re/en/latest/inde…) to decrypt an encrypted one. You can also check older backups, if you have them. (it's a good idea to make regular iTunes backups for all your devices, precisely for this reason)
Feb 16, 2021 9 tweets 2 min read
1/9 The French National Cybersecurity Agency @ANSSI_FR released a report on Hades / Sandworm infecting Centreon servers with a PHP backdoor, followed by deploying the Exaramel Linux backdoor. Some notes: 2/9 Centreon is an IT monitoring software, created by a French company with the same name. Some customers include Accor Hotels, AirFrance / KLM, Airbus, Euronews, Orange and various French gov agencies. No indication any of these were breached.
Dec 21, 2020 8 tweets 3 min read
Cracking the Sunburst / Solorigate "do not infect" domain hashes, a thread 👉 In their comprehensive analysis of Sunburst / Solorigate, Microsoft highlights an interesting fact: that certain domains are excepted from further infection. microsoft.com/security/blog/…
Jan 10, 2019 10 tweets 4 min read
Today, Singapore gov published a large, thorough, 450+ pages analysis report on the Health Services Private Ltd hack. Here's a summary analysis highlighting the most interesting findings. Full report is available at: mci.gov.sg/coireport The attackers breached Singapore Health Services through a vulnerability in Outlook. Although a patch was available, the systems were not updated. As a side note, it is quite rare that we see attackers exploiting vulnerabilities in Outlook.