Tag index

22 curated tag landing pages: APT groups, malware families and TTPs

Tag index

22 curated tag landing pages

APT groups · 3

Threat-actor clusters tracked by attribution analysts. Each page collates the IOCs the public infosec community on Twitter/X has linked to that cluster.

#kimsuky 1,922 year · 612 month

DPRK-aligned APT (Velvet Chollima, TA427, Black Banshee)

#Lazarus 153 year · 20 month

DPRK-aligned APT focused on financial gain

#DPRK 110 year · 110 month

DPRK-aligned threat activity (Lazarus, Kimsuky, adjacent)

Malware families · C2 frameworks · tools · 11

Specific malware identities (Cobalt Strike, AsyncRAT, NetSupportRAT, …) plus dual-use offensive tooling that surfaces in real-world intrusions.

#cobaltstrike 7,543 year · 2 month

Adversary simulation tool abused by APTs and ransomware crews

#interactsh 2,371 year · 0 month

OAST canary used by attackers for blind XSS / SSRF / RCE detection

#remcos 2,121 year · 15 month

Commercial RAT widely abused in mass phishing

#Sliver 1,809 year · 4 month

Open-source C2 framework abused as Cobalt Strike alternative

#NetSupportRAT 1,778 year · 0 month

NetSupport Manager abused as RAT

#AsyncRAT 1,635 year · 34 month

Open-source .NET RAT, common in Latam + EU mass phishing

#deimos 1,474 year · 0 month

Open-source Go C2 framework, cross-platform implants

#Lumma 1,170 year · 0 month

LummaC2 infostealer (browser, crypto, autofill, MFA)

#Mythic 1,143 year · 2 month

Open-source modular C2 by SpecterOps

#Havoc 1,086 year · 0 month

Modern open-source C2, increasingly real-world abused

#njRAT 769 year · 2 month

Long-running .NET commodity RAT (especially MENA)

Tactics, techniques and infra labels · 8

Broader categories: phishing, C2 infrastructure, ransomware, infostealer, scam, opendir and the umbrella malware / APT labels.

#phishing 45,620 year · 1,299 month

Phishing infrastructure observed by public Twitter/X researchers

#c2 27,244 year · 87 month

Command and Control servers (URLs, IPs, domains)

#scam 7,388 year · 40 month

Fraud and scam infrastructure (fake stores, crypto, romance, giveaways)

#malware 4,505 year · 157 month

Malware-hosting URLs, domains and IPs

#apt 1,911 year · 84 month

APT infrastructure (URLs, domains, IPs, hashes)

#ransomware 1,031 year · 42 month

Ransomware infrastructure (URLs, domains, IPs, hashes)

#stealer 871 year · 116 month

Infostealer infrastructure (URLs, domains, IPs, hashes)

#opendir 773 year · 69 month

Open directories hosting attacker payloads

Other reference

IOC types · the 5 type-specific hubs (URLs / domains / IPs / MD5 / SHA-256).
Threat-intelligence guide · ~1,640-word pillar covering IOC types, OSINT vs commercial, MITRE ATT&CK basics, glossary.